
SAA-C01-226q

Test title:
SAA-C01-226q

Description:
Test to practice for AWS exam

Creation date: 2020/02/22

Category: Other

Number of questions: 226

Contents:

A user is designing a new service that receives location updates from 3,600 rental cars every hour. The cars upload their location to an Amazon S3 bucket. Each location must be checked for distance from the original rental location. Which services will process the updates and automatically scale?. Amazon EC2 and Amazon EBS. Amazon Kinesis Firehose and Amazon S3. Amazon ECS and Amazon RDS. Amazon S3 events and AWS Lambda.

A solutions architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required. What is the MOST cost-effective way to purchase compute for this platform?. Scheduled Reserved Instances. Convertible Reserved Instances. Standard Reserved Instances. Spot Instances.

An application launched on Amazon EC2 instances needs to publish personally identifiable information (PII) about customers using Amazon SNS. The application is launched in private subnets within an Amazon VPC. Which is the MOST secure way to allow the application to access service endpoints in the same region?. Use an internet gateway. Use AWS PrivateLink. Use a NAT gateway. Use a proxy instance.

A Solutions Architect is designing a database solution that must support a high rate of random disk reads and writes. It must provide consistent performance and requires long-term persistence. Which storage solution BEST meets these requirements?. An Amazon EBS Provisioned IOPS volume. An Amazon EBS General Purpose volume. An Amazon EBS Magnetic volume. An Amazon EC2 instance store.

A Solutions Architect is designing a solution that will include a database in Amazon RDS. Corporate security policy mandates that the database, its logs, and its backups are all encrypted. Which is the MOST efficient option to fulfill the security policy using Amazon RDS?. Launch an Amazon RDS instance with encryption enabled. Enable encryption for logs and backups. Launch an Amazon RDS instance. Enable encryption for the database, logs, and backups. Launch an Amazon RDS instance with encryption enabled. Logs and backups are automatically encrypted. Launch an Amazon RDS instance. Enable encryption for backups. Encrypt logs with a database-engine feature.

A team has an application that detects new objects being uploaded into an Amazon S3 bucket. The uploads trigger a Lambda function to write object metadata into an Amazon DynamoDB table and RDS PostgreSQL database. Which action should the team take to ensure high availability?. Enable cross-region replication in the Amazon S3 bucket. Create a Lambda function for each Availability Zone the application is deployed in. Enable multi-AZ on the RDS PostgreSQL database. Create a DynamoDB stream for the DynamoDB table.

A company processed 10 TB of raw data to generate quarterly reports. Although it is unlikely to be used again, the raw data needs to be preserved for compliance and auditing purposes. What is the MOST cost-effective way to store the data in AWS?. Amazon EBS cold HDD (sc1). Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA). Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Amazon Glacier.

A Solutions Architect is creating a multi-tiered architecture for an application that includes a public-facing web tier. Security requirements state that the Amazon EC2 instances running in the application tier must not be accessible directly from the internet. What should be done to accomplish this?. Create a multi-VPC peering mesh with network access rules limiting communications to specific ports. Implement an internet gateway on each VPC for external connectivity. Place all instances in a single Amazon VPC with AWS WAF as the web front-end communication conduit. Configure a NAT gateway for external communications. Use VPC peering to peer with on-premises hardware. Direct enterprise traffic through the VPC peer connection to the instances hosted in the private VPC. Deploy the web and application instances in a private subnet. Provision an Application Load Balancer in the public subnet. Install an internet gateway and use security groups to control communications between the layers.

A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the amount of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available. What should an administrator do to improve performance?. Convert the database to Amazon Redshift. Create a CloudFront distribution. Convert the database to use EBS Provisioned IOPS. Create one or more read replicas.

A Solutions Architect is building a WordPress-based web application hosted on AWS using Amazon ECS. This application serves as a blog for an international internet security company. The application must be geographically redundant and scalable. It must separate public Amazon EC2 web servers from the private Amazon RDS database, it must be highly available, and it must support dynamic port routing. Which combination of AWS services or capabilities will meet these requirements?. AWS Auto Scaling with a Classic Load Balancer, and AWS CloudTrail. Amazon Route 53, Auto Scaling with an Application Load Balancer, and Amazon CloudFront. A VPC, a NAT gateway, and Auto Scaling with a Network Load Balancer. CloudFront, Route 53, and Auto Scaling with a Classic Load Balancer.

How can a user track memory usage in an EC2 instance?. Call Amazon CloudWatch to retrieve the memory usage metric data that exists for the EC2 instance. Assign an IAM role to the EC2 instance with an IAM policy granting access to the desired metric. Use an instance type that supports memory usage reporting to a metric by default. Place an agent on the EC2 instance to push memory usage to an Amazon CloudWatch custom metric.

A Solutions Architect is designing a web application that will be hosted on Amazon EC2 instances in a public subnet. The web application uses a MySQL database in a private subnet. The database should be accessible to database administrators. Which of the following options should the Architect recommend? (Select TWO.). Create a bastion host in a public subnet, and use the bastion host to connect to the database. Log in to the web servers in the public subnet to connect to the database. Perform DB maintenance after using SSH to connect to the NAT Gateway in a public subnet. Create an IPSec VPN tunnel between the customer site and the VPC, and use the VPN tunnel to connect to the database. Attach an Elastic IP address to the database.

A Solutions Architect is designing an Amazon VPC that requires access to a remote API server using IPv6. Resources within the VPC should not be accessed directly from the internet. How should this be achieved?. Use a NAT gateway and deny public access using security groups. Attach an egress-only internet gateway and update the routing tables. Use a NAT gateway and update the routing tables. Attach an internet gateway and deny public access using security groups.

A Solutions Architect is designing the storage layer for a production relational database. The database will run on Amazon EC2. The database is accessed by an application that performs intensive reads and writes, so the database requires the LOWEST random I/O latency. Which data storage method fulfills the above requirements?. Store data in a filesystem backed by Amazon Elastic File System (EFS). Store data in Amazon S3 and use a third-party solution to expose Amazon S3 as a filesystem to the database server. Store data in Amazon DynamoDB and emulate relational database semantics. Stripe data across multiple Amazon EBS volumes using RAID.

An application has components running in a public subnet and a private subnet. The components within the private subnet must connect to the internet to receive updates. How should this be accomplished without moving the components into a public subnet?. Add an internet gateway to the private subnet and update the private subnet route table. Add a NAT gateway to the public subnet and update the public subnet route table. Add an internet gateway to the VPC and update the private subnet route table. Add a NAT gateway to the public subnet and update the private subnet route table.

A Lambda function must execute a query against an Amazon RDS database in a private subnet. Which steps are required to allow the Lambda function to access the Amazon RDS database? (Select TWO.). Create a VPC Endpoint for Amazon RDS. Create the Lambda function within the Amazon RDS VPC. Change the ingress rules of Lambda security group, allowing the Amazon RDS security group. Change the ingress rules of the Amazon RDS security group, allowing the Lambda security group. Add an Internet Gateway (IGW) to the VPC; route the private subnet to the IGW.

A company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS. Which steps should the company perform to implement a scalable and cost-effective solution? (Select TWO.). Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 alias record to the endpoint. Host the website using AWS Elastic Beanstalk, and map a Route 53 alias record to the Beanstalk stack. Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the Amazon EC2 instance. Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint. Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers.

A company has a legacy application using a proprietary file system and plans to migrate the application to AWS. Which storage service should the company use?. Amazon DynamoDB. Amazon S3. Amazon EBS. Amazon EFS.

A company will run different data analytics jobs on large petabyte-scale data sets using standard SQL and existing business intelligence tools. The data is mostly structured, but part of the data is unstructured and resides in Amazon S3. What technology should be used to support this use case?. An Amazon Aurora database cluster with 15 replicas distributed across Availability Zones. Amazon Redshift with Amazon Redshift Spectrum. Amazon DynamoDB with Amazon DynamoDB Accelerator (DAX). Amazon ElastiCache for Redis with cluster mode enabled.

A Solutions Architect is designing an elastic application that will have between 10 and 50 Amazon EC2 concurrent instances running, dependent on load. Each instance must mount storage that will read and write to the same 50 GB folder. Which storage type meets the requirements?. Amazon S3. Amazon EFS. Amazon EBS volumes. Amazon EC2 instance store.

A Solutions Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity. How should the Architect configure the database servers to meet the requirements?. Configure the database security group to allow database traffic from the application server IP addresses. Configure the database security group to allow database traffic from the application server security group. Configure the database subnet network ACL to deny all inbound non-database traffic from the application tier subnet. Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.

A retail company operates an e-commerce environment that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group. Images are hosted in an Amazon S3 bucket using a custom domain name. During a flash sale with 10,000 simultaneous users, some images on the website are not loading. What should be done to resolve the performance issue?. Move the images to the EC2 instances in the Auto Scaling group. Enable Transfer Acceleration for the S3 bucket. Configure an Amazon CloudFront distribution with the S3 bucket as the origin. Increase the number of minimum, desired, and maximum EC2 instances in the Auto Scaling.

A Solutions Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows: • Limit access to users originating from the corporate network. • Web servers cannot have SSH access directly from the Internet. • Web servers reside in a private subnet. Which combination of steps must the Architect complete to meet these requirements? (Select TWO.). Create a bastion host that authenticates users against the corporate directory. Create a bastion host with security group rules that only allow traffic from the corporate network. Attach an IAM role to the bastion host with relevant permissions. Configure the web servers' security group to allow SSH traffic from a bastion host. Deny all SSH traffic from the corporate network in the inbound network ACL.

A Solutions Architect has a multi-layer application running in Amazon VPC. The application has an ELB Classic Load Balancer as the front end in a public subnet, and an Amazon EC2-based reverse proxy that performs content-based routing to two backend Amazon EC2 instances hosted in a private subnet. The Architect sees tremendous traffic growth and is concerned that the reverse proxy and current backend setup will be insufficient. Which actions should the Architect take to achieve a cost-effective solution that ensures the application automatically scales to meet traffic demand? (Select TWO.). Replace the Amazon EC2 reverse proxy with an ELB internal Classic Load Balancer. Add Auto Scaling to the Amazon EC2 backend fleet. Add Auto Scaling to the Amazon EC2 reverse proxy layer. Use t2 burstable instance types for the backend fleet. Replace both the frontend and reverse proxy layers with an ELB Application Load Balancer.

A Solutions Architect must select the storage type for a big data application that requires very high sequential I/O. The data must persist if the instance is stopped. Which of the following storage types will provide the best fit at the LOWEST cost for the application?. An Amazon EC2 instance store local SSD volume. An Amazon EBS provisioned IOPS SSD volume. An Amazon EBS throughput optimized HDD volume. An Amazon EBS general purpose SSD volume.

A client reports that they want to see an audit log of any changes made to AWS resources in their account. What can the client do to achieve this?. Set up Amazon CloudWatch monitors on services they own. Enable AWS CloudTrail logs to be delivered to an Amazon S3 bucket. Use Amazon CloudWatch Events to parse logs. Use AWS OpsWorks to manage their resources.

A company's Data Analysis team needs to perform real-time complex queries against a database. As the team grows, the complex queries are slowing down production transactions. The current environment has an Amazon RDS database with the largest instance type and is still experiencing performance issues. Which solution will reduce costs and resolve the performance issues?. Implement an Amazon RDS Read Replica of the production database to be used by the Data Analysis team and reduce the RDS database instance size. Implement Amazon ElastiCache and run the query against ElastiCache directly. Implement Amazon EC2 instances to run a cluster of the production database and remove the RDS database instance. Implement a larger Amazon RDS database instance type and apply Reserved Instances by submitting a limit increase request.

A retail company runs hourly flash sales and has a performance issue on its Amazon RDS for PostgreSQL database. The Database Administrators have identified that the issue with performance happens when finance and marketing employees refresh sales dashboards that are used for reporting real-time sales data. What should be done to resolve the issue without impacting performance?. Create a Read Replica of the RDS PostgreSQL database and point the dashboards at the Read Replica. Move data from the RDS PostgreSQL database to Amazon Redshift nightly and point the dashboards at Amazon Redshift. Monitor the database with Amazon CloudWatch and increase the instance size, as necessary. Make no changes to the dashboard. Take an hourly snapshot of the RDS PostgreSQL database, and load the hourly snapshots to another database to which the dashboards are pointed.

A Solutions Architect is developing a solution for sharing files in an organization. The solution must allow multiple users to access the storage service at once from different virtual machines and scale automatically. It must also support file-level locking. Which storage service meets the requirements of this use case?. Amazon S3. Amazon EFS. Amazon EBS. Cached Volumes.

A business team requires a structured storage solution to store all of a company's historical sales data. Currently there are 4 TB of data, which will grow to hundreds of terabytes within a few years. The team must be able to regularly run queries against the data using current business intelligence tools. Fast performance is required despite the dataset growth. Which solution should the company use?. Amazon Redshift. Amazon Aurora. Amazon DynamoDB. Amazon S3.

A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate policy mandates encryption keys be generated and managed on premises. Which solution should the Architect use to meet the security requirements?. AWS CloudHSM. SSE-KMS: Server-side encryption with AWS KMS managed keys. SSE-S3: Server-side encryption with Amazon-managed master key. SSE-C: Server-side encryption with customer-provided encryption keys.

A three-tier application is being created to host small news articles. The application is expected to serve millions of users. When breaking news occurs, the site must handle very large spikes in traffic without significantly impacting database performance. Which design meets these requirements while minimizing costs?. Use Auto Scaling groups to increase the number of Amazon EC2 instances delivering the web application. Use Auto Scaling groups to increase the size of the Amazon RDS instances delivering the database. Use Amazon DynamoDB strongly consistent reads to adjust for the increase in traffic. Use Amazon DynamoDB Accelerator (DAX) to cache read operations to the database.

A Solutions Architect is designing an application that is expected to have millions of users. The Architect needs options to store session data. Which option is the MOST performant?. Amazon ElastiCache. Amazon RDS. Amazon S3. Amazon EFS.

A data-processing application runs on an i3.large EC2 instance with a single 100GB EBS gp2 volume. The application stores temporary data in a small database (less than 30 GB) located on the EBS root volume. The application is struggling to process the data fast enough, and a Solutions Architect has determined that the I/O speed of the temporary database is the bottleneck. What is the MOST cost-efficient way to improve the database response times?. Enable EBS optimization on the instance and keep the temporary files on the existing volume. Put the temporary database on a new 50-GB EBS gp2 volume. Move the temporary database onto instance storage. Put the temporary database on a new 50-GB EBS io1 volume with a 3-K IOPS provision.

A media company asked a Solutions Architect to design a highly available storage solution to serve as a centralized document store for their Amazon EC2 instances. The storage solution needs to be POSIX-compliant, scale dynamically, and be able to serve up to 100 concurrent EC2 instances. Which solution meets these requirements?. Create an Amazon S3 bucket and store all of the documents in this bucket. Create an Amazon EBS volume and allow multiple users to mount that volume to their EC2 instance(s). Use Amazon Glacier to store all of the documents. Create an Amazon Elastic File System (Amazon EFS) to store and share the documents.

A Solutions Architect is investigating purchasing options for a batch processing application on Amazon EC2. The batch job downloads an image from an Amazon S3 bucket, adds copyright information, and uploads it back to Amazon S3. It normally takes 5 to 10 hours to process all the files uploaded each week. The application has built-in capabilities to process files in parallel, recover from the instance failures, and continue the processing from where it left off. What is the MOST cost-effective purchasing option the Solutions Architect can recommend?. Standard Reserved Instances. Scheduled Reserved Instances. Spot Instances. On-Demand Instances.

A Security team reviewed their company's VPC Flow Logs and found that traffic is being directed to the internet. The application in the VPC uses Amazon EC2 instances for compute and Amazon S3 for storage. The company's goal is to eliminate internet access and allow the application to continue to function. What change should be made in the VPC before updating the route table?. Create a NAT gateway for Amazon S3 access. Create a VPC endpoint for Amazon S3 access. Create a VPC endpoint for Amazon EC2 access. Create a NAT gateway for Amazon EC2 access.

A Solutions Architect is deploying a new production MySQL database on AWS. It is critical that the database is highly available. What should the Architect do to achieve this goal with Amazon RDS?. Create a read replica of the primary database and deploy it in a different AWS Region. Enable multi-AZ to create a standby database in a different Availability Zone. Enable multi-AZ to create a standby database in a different AWS Region. Create a read replica of the primary database and deploy it in a different Availability Zone.

A Solutions Architect is designing a highly-available website that is served by multiple web servers hosted outside of AWS. If an instance becomes unresponsive, the Architect needs to remove it from the rotation. What is the MOST efficient way to fulfill this requirement?. Use Amazon CloudWatch to monitor utilization. Use Amazon API Gateway to monitor availability. Use an Amazon Elastic Load Balancer. Use Amazon Route 53 health checks.

An ecommerce application is hosted in AWS. The last time a new product was launched, the application experienced a performance issue due to an enormous spike in traffic. Management decided that capacity must be doubled the week of future product launches. Which is the MOST efficient way for management to ensure that capacity requirements are met?. Add a Step Scaling policy. Add a Dynamic Scaling policy. Add a Scheduled Scaling action. Add Amazon EC2 Spot Instances.

A customer has written an application that uses Amazon S3 exclusively as a data store. The application works well until the customer increases the rate at which the application is updating information. The customer now reports that outdated data occasionally appears when the application accesses objects in Amazon S3. What could be the problem, given that the application logic is otherwise correct?. The application is reading parts of objects from Amazon S3 using a range header. The application is reading objects from Amazon S3 using parallel object requests. The application is updating records by writing new objects with unique keys. The application is updating records by overwriting existing objects with the same keys.

A Solutions Architect is developing a new web application on AWS. The services must scale to support an increasing load. The Architect wants to focus on software development and deploying new features rather than provisioning or managing servers. Which AWS service is appropriate?. Auto Scaling. Elastic Beanstalk. EC2 Container Service. CloudFormation.

A Solutions Architect is designing an application in AWS. The Architect must not expose the application or database tier over the Internet for security reasons. The application must be low-cost and have a scalable front end. The databases and application tier must have only one-way Internet access to download software and patch updates. Which solution helps to meet these requirements?. Use a NAT Gateway as the front end for the application tier and to enable the private resources to have Internet access. Use an Amazon EC2-based proxy server as the front end for the application tier, and a NAT Gateway to allow Internet access for private resources. Use an ELB Classic Load Balancer as the front end for the application tier, and an Amazon EC2 proxy server to allow Internet access for private resources. Use an ELB Classic Load Balancer as the front end for the application tier, and a NAT Gateway to allow Internet access for private resources.

A Solutions Architect is designing a new workload where an AWS Lambda function will access an Amazon DynamoDB table. What is the MOST secure means of granting the Lambda function access to the DynamoDB table?. Create an identity and access management (IAM) role with the necessary permissions to access the DynamoDB table, and assign the role to the Lambda function. Create a DynamoDB user name and password and give them to the Developer to use in the Lambda function. Create an identity and access management (IAM) user, and create access and secret keys for the user. Give the user the necessary permissions to access the DynamoDB table. Have the Developer use these keys to access the resources. Create an identity and access management (IAM) role allowing access from AWS Lambda and assign the role to the DynamoDB table.

An application server needs to be in a private subnet without access to the Internet. The solution must retrieve and upload files to an Amazon S3 bucket. How should a Solutions Architect design a solution to meet these requirements?. Use Amazon S3 VPC endpoints. Deploy a proxy server. Use a NAT Gateway. Use a private Amazon S3 bucket.

A company is running a series of national TV campaigns. These 30-second advertisements will introduce sudden traffic peaks targeted at a Node.js application. The company expects traffic to increase from five requests each minute to more than 5,000 requests each minute. Which AWS service should a Solutions Architect use to ensure traffic surges can be handled?. AWS Lambda. Amazon ElastiCache. Size EC2 instances to handle peak load. An Auto Scaling group for EC2 instances.

A Solutions Architect designed a system based on Amazon Kinesis Data Streams. After the workflow was put into production, the company noticed it performed slowly and identified Kinesis Data Streams as the problem. One of the streams has a total of 10 Mb/s throughput. What should the Solutions Architect recommend to improve performance?. Use AWS Lambda to preprocess the data and transform the records into a simpler format such as CSV. Run the MergeShard command to reduce the number of shards that the consumer can more easily process. Change the workflow to use Amazon Kinesis Data Firehose to gain a higher throughput. Run the UpdateShardCount command to increase the number of shards in the stream.

A Solutions Architect is considering possible options for improving the security of the data stored on an Amazon EBS volume attached to an Amazon EC2 instance. Which solution will improve the security of the data?. Use AWS KMS to encrypt the EBS volume. Create an IAM policy that restricts read and write access to the volume. Migrate the sensitive data to an instance store volume. Use Amazon single sign-on to control login access to the EC2 Instance.

A Solutions Architect needs to design a solution that will enable a security team to detect, review, and perform root cause analysis of security incidents that occur in a cloud environment. The Architect must provide a centralized view of all API events for current and future AWS regions. How should the Architect accomplish this task?. Enable AWS CloudTrail logging in each individual region. Repeat this for all future regions. Enable Amazon CloudWatch logs for all AWS services across all regions and aggregate them in a single Amazon S3 bucket. Enable AWS Trusted Advisor security checks and report all security incidents for all regions. Enable AWS CloudTrail by creating a new trail and apply the trail to all regions.

A Solutions Architect is designing an application that uses Amazon EBS volumes. The volumes must be backed up to a different region. How should the Architect meet this requirement?. Create EBS snapshots directly from one region to another. Move the data to an Amazon S3 bucket and enable cross-region replication. Create EBS snapshots and then copy them to the desired region. Use a script to copy data from the current Amazon EBS volume to the destination Amazon EBS.

A prediction process requires access to a trained model that is stored in an Amazon S3 bucket. The process takes a few seconds to process an image and make a prediction. The process is not overly resource-intensive, does not require any specialized hardware, and takes less than 512 MB of memory to run. What would be the MOST effective compute solution for this use case?. Amazon ECS. Amazon EC2 Spot instances. AWS Lambda functions. AWS Elastic Beanstalk.

An application stack includes an Elastic Load Balancer in a public subnet, a fleet of Amazon EC2 instances in an Auto Scaling group and an Amazon RDS MySQL cluster. Users connect to the application from the Internet. The application servers and database must be secure. How should a Solutions Architect perform this task?. Create a private subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster. Create a private subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster. Create a public subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster. Create a public subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster.

A company creates business-critical 3D images every night. The images are batch-processed every Friday and require an uninterrupted 48 hours to complete. What is the MOST cost-effective Amazon EC2 pricing model for this scenario?. On-Demand Instances. Scheduled Reserved Instances. Reserved Instances. Spot Instances.

A company is setting up a new website for online sales. The company will have a web tier and a database tier. The web tier consists of load-balanced, auto-scaled Amazon EC2 instances in multiple Availability Zones (AZs). The database tier is an Amazon RDS Multi-AZ deployment. The EC2 instances must connect securely to the database. How should the resources be launched?. EC2 instances: public subnet; RDS database instances: public subnet; Load balancer: public subnet. EC2 instances: public subnet; RDS database instances: private subnet; Load balancer: private subnet. EC2 instances: private subnet; RDS database instances: public subnet; Load balancer: public subnet. EC2 instances: private subnet; RDS database instances: private subnet; Load balancer: public subnet.

An application running on AWS Lambda requires an API key to access a third-party service. The key must be stored securely with audited access to the Lambda function only. What is the MOST secure way to store the key?. As an object in Amazon S3. As a secure string in AWS Systems Manager Parameter Store. Inside a file on an Amazon EBS volume attached to the Lambda function. Inside a secrets file stored on Amazon EFS.

A company hosts a popular web application. The web application connects to a database running in a private VPC subnet. The web servers must be accessible only to customers on an SSL connection. The RDS MySQL database server must be accessible only from the web servers. How should a Solutions Architect design a solution to meet the requirements without impacting running applications?. Create a network ACL on the web server's subnet and allow HTTPS inbound and MySQL outbound. Place both database and web servers on the same subnet. Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group. Create a network ACL on the web server's subnet, allow HTTPS inbound, and specify the source as 0.0.0.0/0. Create a network ACL on a database subnet, allow MySQL port inbound for web servers and deny all outbound traffic. Open the MySQL port on the security group for web servers and set the source to 0.0.0.0/0. Open the HTTPS port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.

A company wants to expand its web services from us-east-1 into ap-southeast-1. The company stores a large amount of static content on its website, and recently received complaints about slow loading speeds and the website timing out. What should be done to meet the expansion goal while also addressing the latency and timeout issues?. Store the static content in Amazon S3 and enable S3 Transfer Acceleration. Store the static content in an Amazon EBS volume in the ap-southeast-1 region and provision larger Amazon EC2 instances for the website. Use an Amazon Route 53 simple routing policy to distribute cached content across three regions. Use Amazon S3 to store the static content and configure an Amazon CloudFront distribution.

A Solutions Architect is designing an application that requires having six Amazon EC2 instances running at all times. The application will be deployed in the sa-east-1 region, which has three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c. Which action will provide 100 percent fault tolerance and the LOWEST cost in the event that one Availability Zone in the region becomes unavailable?. Deploy six Amazon EC2 instances in sa-east-1a, six Amazon EC2 instances in sa-east-1b, and six Amazon EC2 instances in sa-east-1c. Deploy six Amazon EC2 instances in sa-east-1a, four Amazon EC2 instances in sa-east-1b, and two Amazon EC2 instances in sa-east-1c. Deploy three Amazon EC2 instances in sa-east-1a, three Amazon EC2 instances in sa-east-1b, and three Amazon EC2 instances in sa-east-1c. Deploy two Amazon EC2 instances in sa-east-1a, two Amazon EC2 instances in sa-east-1b, and two Amazon EC2 instances in sa-east-1c.

A web server will be provisioned on two Amazon EC2 instances with an Application Load Balancer. Which of the following configurations will allow traffic on HTTP and HTTPS when configuring a security group to apply to each of these servers?. Allow all inbound traffic, with explicit denies on non-HTTP and non-HTTPS ports. Allow incoming traffic to HTTP and HTTPS ports. Allow incoming traffic to HTTP and HTTPS ports, with explicit denies to all other ports. Deny all traffic to non-HTTP and non-HTTPS ports.

A company is migrating on-premises databases to AWS. The company's backend application produces a large amount of database queries for reporting purposes, and the company wants to offload some of those reads to a Read Replica, allowing the primary database to continue performing efficiently. Which AWS database platforms will accomplish this? (Select TWO.). Amazon RDS for Oracle. Amazon RDS for PostgreSQL. Amazon RDS for MariaDB. Amazon DynamoDB. Amazon RDS for Microsoft SQL Server.

When designing an Amazon SQS message processing solution, messages in the queue must be processed before the maximum retention time has elapsed. Which actions will meet this requirement? (Select TWO.). Use AWS STS to process the messages. Use Amazon EBS-optimized Amazon EC2 instances to process the messages. Use Amazon EC2 instances in an Auto Scaling group with scaling triggered based on the queue length. Increase the SQS queue attribute for the message retention period. Convert the SQS queue to a first-in first-out (FIFO) queue.

An application running in a private subnet accesses an Amazon DynamoDB table. There is a security requirement that the data never leave the AWS network. How should this requirement be met?. Configure a network ACL on DynamoDB to limit traffic to the private subnet. Enable DynamoDB encryption at rest using an AWS KMS key. Add a NAT gateway and configure the route table on the private subnet. Create a VPC endpoint for DynamoDB and configure the endpoint policy.

During a review of business applications, a Solutions Architect identifies a critical application with a relational database that was built by a business user and is running on the user's desktop. To reduce the risk of a business interruption, the Solutions Architect wants to migrate the application to a highly available, multi-tiered solution in AWS. What should the Solutions Architect do to accomplish this with the LEAST amount of disruption to the business?. Create an import package of the application code for upload to AWS Lambda, and include a function to create another Lambda function to migrate data into an Amazon RDS database. Create an image of the user's desktop, migrate it to Amazon EC2 using VM Import, and place the EC2 instance in an Auto Scaling group. Pre-stage new Amazon EC2 instances running the application code on AWS behind an Application Load Balancer and an Amazon RDS Multi-AZ DB instance. Use AWS DMS to migrate the backend database to an Amazon RDS Multi-AZ DB instance. Migrate the application code to AWS Elastic Beanstalk.

A Solutions Architect is designing a microservices-based application using Amazon ECS. The application includes a WebSocket component, and the traffic needs to be distributed between microservices based on the URL. Which service should the Architect choose to distribute the workload?. ELB Classic Load Balancer. Amazon Route 53 DNS. ELB Application Load Balancer. Amazon CloudFront.

An application tier currently hosts two web services on the same set of instances, listening on different ports. Which AWS service should a Solutions Architect use to route traffic to the service based on the incoming request path?. AWS Application Load Balancer. Amazon CloudFront. Amazon Route 53. AWS Classic Load Balancer.

A Solutions Architect is reviewing an application that writes data to an Amazon DynamoDB table on a daily basis. Random table reads occur many times per second. The company needs to allow thousands of low-latency reads and avoid any negative impact to the rest of the application. What should the Solutions Architect do to meet the company's goals?. Use DynamoDB Accelerator to cache reads. Increase DynamoDB write capacity units. Add Amazon SQS to decouple requests. Implement Amazon Kinesis to decouple requests.

A Solutions Architect has five web servers serving requests for a domain. Which of the following Amazon Route 53 routing policies can distribute traffic randomly among all healthy web servers?. Simple. Failover. Weighted. Multivalue Answer.

A company is storing application data in Amazon S3 buckets across multiple AWS Regions. Company policy requires that encryption keys be generated at the company headquarters, but the encryption keys may be stored in AWS after generation. The Solutions Architect plans to configure cross-region replication. Which solution will encrypt the data while requiring the LEAST amount of operational overhead?. Configure the applications to write to an S3 bucket using client-side encryption. Configure S3 buckets to encrypt using AES-256. Configure S3 object encryption using AWS CLI with Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS). Configure S3 buckets to use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) with imported key material in both regions.

A company wants to improve latency by hosting images within a public Amazon S3 bucket fronted by an Amazon CloudFront distribution. The company wants to restrict access to the S3 bucket to include the CloudFront distribution only, while also allowing CloudFront to continue proper functionality. What should be done after making the bucket private to restrict access with the LEAST operational overhead?. Create a CloudFront origin access identity and create a security group that allows access from CloudFront. Create a CloudFront origin access identity and update the bucket policy to grant access to it. Create a bucket policy restricting all access to the bucket to include CloudFront IPs only. Enable the CloudFront option to restrict viewer access and update the bucket policy to allow the distribution.

A company has many applications on Amazon EC2 instances running in Auto Scaling groups. Company policies require that data on the attached Amazon EBS volumes must be retained. Which action will meet this requirement without impacting performance?. Enable Termination Protection on the Amazon EC2 instances. Disable DeleteOnTermination for the Amazon EBS volumes. Use Amazon EC2 user data to set up a synchronization job for root volume data. Change the Auto Scaling health check to point to a source on the root volume.

A company maintains an application on an on-premises server. The company wants to automatically redirect users to a static maintenance page hosted on Amazon S3 when the application is unavailable. What is the MOST efficient method to ensure the users are automatically redirected?. Use an Amazon Route 53 failover routing policy, and configure the application as primary and the Amazon S3 static page as secondary. Use Amazon CloudWatch Events to trigger an AWS Lambda function that changes the DNS to point to the static page. Use an Amazon Route 53 weighted routing policy, and configure the application higher and the Amazon S3 static page lower. Use Amazon Route 53 to set up multiple A records for both the application and Amazon S3.

An application relies on messages being sent and received in order. The volume will never exceed more than 300 transactions each second. Which service should be used?. Amazon SQS. Amazon SNS. Amazon ECS. AWS STS.

A customer set up an Amazon VPC with one private subnet and one public subnet with a NAT gateway. The VPC will contain a group of Amazon EC2 instances. All instances will configure themselves at startup by downloading a bootstrap script from an Amazon S3 bucket with a policy that only allows access from the customer's Amazon EC2 instances and then deploys an application through Git. A Solutions Architect has been asked to design a solution that provides the highest level of security regarding network connectivity to the Amazon EC2 instances. How should the Architect design the infrastructure?. Place the Amazon EC2 instances in the public subnet, with no EIPs, route outgoing traffic through the internet gateway. Place the Amazon EC2 instances in a public subnet, and assign EIPs, route outgoing traffic through the NAT gateway. Place the Amazon EC2 instances in a private subnet, and assign EIPs, route outgoing traffic through the internet gateway. Place the Amazon EC2 instances in a private subnet, with no EIPs, route outgoing traffic through the NAT gateway.

An application stores data in an Amazon RDS MySQL DB instance. The database traffic primarily consists of read queries, which are overwhelming the current database. A Solutions Architect wants to scale the database. What combination of steps will achieve the goal? (Select TWO). Add the MySQL database instances to an Auto Scaling group. Migrate the MySQL database to Amazon Aurora. Migrate the MySQL database to a PostgreSQL database. Create read replicas in different Availability Zones. Create an ELB Application Load.

A company is designing a new application to collect data on user behavior for analysis at a later time. Amazon Kinesis Data Streams will be used to receive user interaction events. What should be done to ensure the event data is retained indefinitely?. Configure the stream to write records to an attached Amazon EBS volume. Configure an Amazon Kinesis Data Firehose delivery stream to store data on Amazon S3. Configure the stream data retention period to retain the data indefinitely. Configure an Amazon EC2 consumer to read from the data stream and store records in Amazon.

An online retailer has a series of flash sales occurring every Friday. Sales traffic will increase during the sales only and the platform will handle the increased load. The platform is a three-tier application. The web tier runs on Amazon EC2 instances behind an Application Load Balancer. Amazon CloudFront is used to reduce web server load, but many requests for dynamic content must go to the web servers. What should be done to the web tier to reduce costs without impacting performance or reliability?. Use T-series instances. Purchase scheduled Reserved Instances. Implement Amazon ElastiCache. Use Spot Instances.

A company is developing a data lake solution in Amazon S3 to analyse large-scale datasets. The solution makes infrequent SQL queries only. In addition, the company wants to minimize infrastructure costs. Which AWS service should be used to meet these requirements?. Amazon Athena. Amazon Redshift Spectrum. Amazon RDS for PostgreSQL. Amazon Aurora.

A Solutions Architect is designing a multi-tier application consisting of an Application Load Balancer, an Amazon RDS database instance, and an Auto Scaling group of Amazon EC2 instances. Each tier is in a separate subnet. There are some EC2 instances in the subnet that belong to another application. The RDS database instance should accept traffic only from the EC2 instances in the Auto Scaling group. What should be done to meet these requirements?. Configure the inbound network ACLs on the database subnet to accept traffic from the IP addresses of the EC2 instances only. Configure the inbound rules on the security group associated with the RDS database instance. Set the source to the security group associated with instances in the Auto Scaling group. Configure the outbound rules on the security group associated with the Auto Scaling group. Set the destination to the security group associated with the RDS database instance. Configure the inbound network ACLs on the database subnet to accept traffic only from the CIDR range of the subnet used by the Auto Scaling group.

A company is running its application in a single region on Amazon EC2 with Amazon EBS and Amazon S3 as part of the storage design. What should be done to reduce data transfer costs?. Create a copy of the compute environment in another region. Convert the application to run on Lambda@Edge. Create an Amazon CloudFront distribution with Amazon S3 as the origin. Replicate Amazon S3 data to buckets in regions closer to the requester.

A company is designing a failover strategy in Amazon Route 53 for its resources between two AWS Regions. The company must have the ability to route a user's traffic to the region with least latency, and if both regions are healthy, Route 53 should route traffic to resources in both regions. Which strategy should the Solutions Architect recommend?. Configure active-active failover using Route 53 latency DNS records. Configure active-passive failover using Route 53 latency DNS records. Configure active-active failover using Route 53 failover DNS records. Configure active-passive failover using Route 53 failover DNS records.

A Solutions Architect is trying to bring a data warehouse workload to an Amazon EC2 instance. The data will reside in Amazon EBS volumes and full table scans will be executed frequently. What type of Amazon EBS volume would be most suitable in this scenario?. Throughput Optimized HDD (st1). Provisioned IOPS SSD (io1). General Purpose SSD (gp2). Cold HDD (sc1).

A Solutions Architect must migrate a monolithic on-premises application to AWS. It is a web application with a load balancer, web server, application server, and relational database. The key requirement driving the migration is that the application should perform better and be more elastic. Which of the following architectures would meet these requirements?. Re-host the application on Amazon EC2 with lift and shift of existing application code. Configure an Elastic Load Balancing load balancer to handle incoming requests. Use Amazon CloudWatch alarms to receive notification of scaling issues. Increase and decrease the size of the Amazon EC2 instances using AWS CLI or AWS Management Console as required. Re-architect the application as a three-tier application. Move the database to Amazon RDS. Use read replicas and Amazon ElastiCache with RDS for better performance. Use an Application Load Balancer to forward incoming requests to web and application servers running on-premises. Re-platform the application as a three-tier application. Use Elastic Load Balancing for incoming requests. Use EC2 for web and application tiers. Use RDS at the database tier. Use CloudWatch alarms and Auto Scaling for horizontal scaling at the web tier. Re-architect the application as Service Oriented Architecture (SOA). Run database and application servers on-premises. Run web-facing EC2 servers. Use an Enterprise Service Bus to handle communications between different parts of the application running on-premises and in the cloud.

A Solutions Architect is defining a shared Amazon S3 bucket where corporate applications will save objects. How can the Architect ensure that when an application uploads an object to the Amazon S3 bucket, the object is encrypted?. Set a CORS configuration. Set a bucket policy to encrypt all Amazon S3 objects. Enable default encryption on the bucket. Set permissions for users.

A company wants to run a static website served through Amazon CloudFront. What is an advantage of storing the website content in an S3 bucket instead of an EBS volume?. S3 buckets are replicated globally, allowing for large scalability. EBS volumes are replicated only within a region. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin. S3 buckets can be encrypted, allowing for secure storage of the web files. EBS volumes cannot be encrypted. S3 buckets support object-level read throttling, preventing abuse. EBS volumes do not provide object-level throttling.

A Solutions Architect is designing a system that will store Personally Identifiable Information (PII) in an Amazon S3 bucket. Due to compliance and regulatory requirements, both the master keys and unencrypted data should never be sent to AWS. What Amazon S3 encryption technique should the Architect choose?. Amazon S3 client-side encryption with an AWS KMS-managed customer master key (CMK). Amazon S3 server-side encryption with an AWS KMS-managed key. Amazon S3 client-side encryption with a client-side master key. Amazon S3 server-side encryption with a customer-provided key.

A customer is running a critical payroll system in a production environment in one data center and a disaster recovery (DR) environment in another. The application includes load balanced web servers and failover for the MySQL database. The customer's DR process is manual and error-prone. For this reason, management has asked IT to migrate the application to AWS and make it highly available so that IT no longer has to manually fail over the environment. How should a Solutions Architect migrate the system to AWS?. Migrate the production and DR environments to different Availability Zones within the same region. Let AWS manage failover between the environments. Migrate the production and DR environments to different regions. Let AWS manage failover between the environments. Migrate the production environment to a single Availability Zone and set up instance recovery for Amazon EC2. Decommission the DR environment because it is no longer needed. Migrate the production environment to span multiple Availability Zones, using Elastic Load Balancing and Multi-AZ Amazon RDS. Decommission the DR environment because it is no longer needed.

A company's policy requires that all data stored in Amazon S3 is encrypted. The company wants to use the option with the least overhead and does not want to manage any encryption keys. Which of the following options will meet the company's requirements?. AWS CloudHSM. AWS Trusted Advisor. Server Side Encryption (SSE-S3). Server Side Encryption (SSE-KMS).

A company is rolling out a new web service, but is unsure how many customers the service will attract. However, the company is unwilling to accept any downtime. What could a Solutions Architect recommend to the company in order to keep track of customers' current session data?. Amazon EC2. Amazon RDS. AWS CloudTrail. Amazon DynamoDB.

An application stores data in an Amazon RDS PostgreSQL Multi-AZ database instance. The ratio of read requests to write requests is about 2 to 1. Recent increases in traffic are causing very high latency. How can this problem be corrected?. Create a similar RDS PostgreSQL instance and direct all traffic to it. Use the secondary instance of the Multiple Availability Zone for read traffic only. Create a read replica and send half of all traffic to it. Create a read replica and send all read traffic to it.

A company uses AWS Elastic Beanstalk to deploy a web application running on c4.large instances. Users are reporting high latency and failed requests. Further investigation reveals that the EC2 instances are running at or near 100% CPU utilization. What should a Solutions Architect do to address the performance issues?. Use time-based scaling to scale the number of instances based on periods of high load. Modify the scaling triggers in Elastic Beanstalk to use the CPU Utilization metric. Swap the c4.large instances with the m4.large instance type. Create an additional Auto Scaling group, and configure Amazon EBS to use both Auto Scaling groups to increase the scaling capacity.

A Solutions Architect has a three-tier web application that serves customers worldwide. Analysis reveals that product images take more time to load than expected. Which action will improve the image load time?. Store product images on Amazon EBS-optimized storage volumes. Store product images in an Amazon S3 bucket. Use an Amazon CloudFront distribution for product images. Use an Auto Scaling group to add instances for product images.

A Solutions Architect needs to design a centralized logging solution for a group of web applications running on Amazon EC2 instances. The solution requires minimal development effort due to budget constraints. Which of the following should the Architect recommend?. Create a crontab job script in each instance to push the logs regularly to Amazon S3. Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 instances. Enable Amazon CloudWatch Events in the AWS Management Console. Enable AWS CloudTrail to map all API calls invoked by the applications.

A Solutions Architect needs to deploy a Node.js-based web application that is highly available and scales automatically. The Marketing team needs to roll back on application releases quickly, and they need to have an operational dashboard. The Marketing team does not want to manage deployment of OS patches to the Linux servers. Use of which AWS service will satisfy these requirements?. Amazon EC2. Amazon API Gateway. AWS Elastic Beanstalk. Amazon EC2 Container Service.

A company requires operating system permission on a relational database server. What should a Solutions Architect suggest as a configuration for a highly available database architecture?. Multiple EC2 instances in a database replication configuration that uses two Availability Zones. A standalone Amazon EC2 instance with a selected database installed. Amazon RDS in a Multi-AZ configuration with Provisioned IOPS. Multiple EC2 instances in a replication configuration that uses two placement groups.

An organization designs a mobile application for their customers to upload photos to a site. The application needs a secure login with MFA. The organization wants to limit the initial build time and maintenance of the solution. Which solution should a Solutions Architect recommend to meet the requirements?. Use Amazon Cognito Identity with SMS-based MFA. Edit AWS IAM policies to require MFA for all users. Federate IAM against corporate AD that requires MFA. Use Amazon API Gateway and require SSE for photos.

A customer is migrating to AWS and requires applications to access Network File System shares without code changes. Data is critical and accessed frequently. Which storage solution should a Solutions Architect recommend to maximize availability and durability?. Amazon EBS. Amazon S3. AWS Storage Gateway for files. Amazon EFS.

A company has a Node.js application running on Amazon EC2 that currently retrieves data for customers from a DynamoDB table. The company is seeing many repeat queries for the same items, and the number of queries is continuing to increase as the application gains popularity. What solution will reduce the number of read capacity units (RCUs) required while minimizing the amount of refactoring that must be done to the application?. Use Amazon ElastiCache to provide a caching layer. Use a Lambda function to make concurrent requests for caching. Use Amazon DynamoDB Accelerator (DAX) to provide a caching layer. Obtain Reserved Capacity for Amazon DynamoDB to manage the increased number of queries.

A workload in an Amazon VPC consists of a single web server launched from a custom AMI. Session state is stored in a database. How should the Solutions Architect modify this workload to be both highly available and scalable?. Create a launch configuration with a desired capacity of two web servers across multiple Availability Zones. Create an Auto Scaling group with the AMI ID of the web server image. Use Amazon Route 53 latency-based routing to balance traffic across the Auto Scaling group. Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly created launch configuration, and a desired capacity of two web servers across multiple regions. Use an Application Load Balancer (ALB) to balance traffic across the Auto Scaling group. Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use an ALB to balance traffic across the Auto Scaling group. Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use Route 53 weighted routing to balance traffic across the.

A company is using Amazon S3 as its local repository for weekly analysis reports. One of the company-wide requirements is to secure data at rest using encryption. The company chose Amazon S3 server-side encryption. The company wants to know how the object is decrypted when a GET request is issued. Which of the following answers this question?. The user needs to place a PUT request to decrypt the object. The user needs to decrypt the object using a private key. Amazon S3 manages encryption and decryption automatically. Amazon S3 provides a server-side key for decrypting the object.

A Solutions Architect is designing a highly available web application on AWS. The data served on the website is dynamic and is pulled from Amazon DynamoDB. All users are geographically close to one another. How can the Solutions Architect make the application highly available?. Host the website data on Amazon S3 and set permissions to enable public read-only access for users. Host the web server data on Amazon CloudFront and update the objects in the CloudFront distribution when they change. Host the application on EC2 instances across multiple Availability Zones. Use an Auto Scaling group coupled with an Application Load Balancer. Host the application on EC2 instances in a single Availability Zone. Replicate the EC2 instances to a separate region, and use an Application Load Balancer for high availability.

A Solutions Architect must design a storage solution for incoming billing reports in CSV format. The data does not need to be scanned frequently and is discarded after 30 days. Which service will be MOST cost-effective in meeting these requirements?. Import the logs into an RDS MySQL instance. Use AWS Data Pipeline the logs into a DynamoDB. Write the files to an S3 bucket and use Amazon Athena to query the data. Import the logs to an Amazon Redshift cluster.

An insurance company stores all documents related to annual policies for the duration of the policies. The documents are created once and then stored until they are required, typically at the end of the policy. A document must be capable of being retrieved immediately. The company is now moving their document management to the AWS Cloud. Which service should a Solutions Architect recommend as a cost-effective solution that meets the company's requirements?. Amazon RDS MySQL. Amazon S3 Standard-Infrequent Access. Amazon Glacier. Amazon S3 Standard.

A Solutions Architect needs to deploy an HTTP/HTTPS service on Amazon EC2 instances with support for WebSockets using load balancers. How can the Architect meet these requirements?. Configure a Network Load Balancer. Configure an Application Load Balancer. Configure a Classic Load Balancer. Configure a Layer-4 Load Balancer.

A company is launching a dynamic website, and the Operations team expects up to 10 times the traffic on the launch date. This website is hosted on Amazon EC2 instances and traffic is distributed by Amazon Route 53. A Solutions Architect must ensure that there is enough backend capacity to meet user demands. The Operations team wants to scale down as quickly as possible after the launch. What is the MOST cost-effective and fault-tolerant solution that will meet the company's customer demands? (Select TWO.). Set up an Application Load Balancer to distribute traffic to multiple EC2 instances. Set up an Auto Scaling group across multiple Availability Zones for the website, and create scale-out and scale-in policies. Create an Amazon CloudWatch alarm to send an email through Amazon SNS when EC2 instances experience higher loads. Create an AWS Lambda function to monitor website load time, run it every 5 minutes, and use the AWS SDK to create a new instance if website load time is longer than 2 seconds. Use Amazon CloudFront to cache the website content during launch and set a TTL for cache content to expire after the launch date.

A company has asked the Solutions Architect to modify its AWS-hosted internal application to allow for load balancing. The customer requests always come from the company domain (example.net). The company requires that incoming HTTP and HTTPS traffic is routed based on the path element of the URL in the request. Which implementation can satisfy all requirements?. Configure a Network Load Balancer with listeners for appropriate path patterns for the target groups. Configure an Application Load Balancer with host-based routing based on the domain field in the HTTP header. Configure a Network Load Balancer and enable cross-zone load balancing to ensure that all EC2 instances are used. Configure an Application Load Balancer with listeners for appropriate path patterns for the target groups.

A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access. Which of the following would be the LEAST complicated implementation?. Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days. Use an S3 bucket and provide direct access to the file. Design the application to track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL and recreate the URL as necessary.

A Solutions Architect is designing a three-tier web application that will allow customers to upload pictures from a mobile application. The application will then generate a thumbnail of the picture and return a message to the user confirming that the image was successfully uploaded. Generation of the thumbnail may take up to 5 seconds. To provide a subsecond response time to the customers uploading the images, the Solutions Architect wants to separate the web tier from the application tier. Which service would allow the presentation tier to asynchronously dispatch the request to the application tier?. AWS Step Functions. AWS Lambda. Amazon SNS. Amazon SQS.

A Solutions Architect is designing a shared file system for a company. Multiple users will be accessing it at any given time. Different teams will have their own directories, and the company wants to secure files so that users can access only files owned by their team. How should the Solutions Architect design this?. Use Amazon EFS and control permissions by using file-level permissions. Use Amazon S3 and control permissions by using ACLs. Use Amazon EFS and control permissions by using security groups. Use AWS Storage Gateway and control permissions by using AWS Identity and Access.

A customer has an application that is used by enterprise customers outside of AWS. Some of these customers use legacy firewalls that cannot whitelist by DNS name, but can whitelist based only on IP address. The application is currently deployed in two Availability Zones, with one EC2 instance in each that has Elastic IP addresses. The customer wants to whitelist only two IP addresses, but the two existing EC2 instances cannot sustain the amount of traffic. What can a Solutions Architect do to support the customer and allow for more capacity? (Select TWO.). Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to each subnet. Create additional EC2 instances and put them on standby. Remap an Elastic IP address to a standby instance in the event of a failure. Use Amazon Route 53 with a weighted, round-robin routing policy across the Elastic IP addresses to resolve one at a time. Add additional EC2 instances with Elastic IP addresses, and register them with Amazon Route 53. Switch the two existing EC2 instances for an Auto Scaling group, and register them with the Network Load Balancer.

A website keeps a record of user actions using a globally unique identifier (GUID) retrieved from Amazon Aurora in place of the user name within the audit record. Security protocols state that the GUID content must not leave the company's Amazon VPC. As the web traffic has increased, the number of web servers and Aurora read replicas has also increased to keep up with the user record reads for the GUID. What should be done to reduce the number of read replicas required while improving performance?. Keep the user name and GUID in memory on the web server instance so that the association can be remade on demand. Remove the record after 30 minutes. Deploy an Amazon ElastiCache for Redis server into the infrastructure and store the user name and GUID there. Retrieve the GUID from ElastiCache when required. Encrypt the GUID using Base64 and store it in the user's session cookie. Decrypt the GUID when an audit record is needed. Change the GUID to an MD5 hash of the user name, so that the value can be calculated on demand without referring to the database.

An application is running on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. Four instances are required to handle a predictable traffic load. The Solutions Architect wants to ensure that the operation is fault-tolerant up to the loss of one Availability Zone. Which is the MOST cost-efficient way to meet these requirements?. Deploy two instances in each of three Availability Zones. Deploy two instances in each of two Availability Zones. Deploy four instances in each of two Availability Zones. Deploy one instance in each of three Availability Zones.

A company has an Amazon RDS-managed online transaction processing system that has very heavy read and write. The Solutions Architect notices throughput issues with the system. How can the responsiveness of the primary database be improved?. Use asynchronous replication for standby to maximize throughput during peak demand. Offload SELECT queries that can tolerate stale data to READ replica. Offload SELECT and UPDATE queries to READ replica. Offload SELECT query that needs the most current data to READ replica.

A Solutions Architect was tasked with reviewing several templates that build VPCs and ensuring that they meet specific security requirements. After reviewing the templates, the Architect realizes that all of the templates are missing important security best practices. What should the Architect do to implement security best practices in an efficient manner?. Use VPC peering to enforce network consistency. Restrict users from deploying an AWS CloudFormation template. Provide the teams a nested AWS CloudFormation template that builds the VPC correctly. Create AWS Identity and Access Management (IAM) policies that enforce the corporate VPC architecture standards.

A Solutions Architect plans to migrate a load balancer tier from a data center to AWS. Several websites have multiple domains that require secure load balancing. The Architect decides to use Elastic Load Balancing Application Load Balancers. What is the MOST efficient method for achieving secure communication?. Create a wildcard certificate and upload it to the Application Load Balancer. Create an SNI certificate and upload it to the Application Load Balancer. Create a secondary proxy server to terminate SSL traffic before the traffic reaches the Application Load Balancer. Let a third-party Certificate Manager manage certificates required for all domains and upload them to the Application Load Balancer.

A restaurant reservation application needs the ability to maintain a waiting list. When a customer tries to reserve a table, and none are available, the customer must be put on the waiting list, and the application must notify the customer when a table becomes free. What service should the Solutions Architect recommend to ensure that the system respects the order in which the customer requests are put onto the waiting list?. Amazon SNS. AWS Lambda with sequential dispatch. A FIFO queue in Amazon SQS. A standard queue in Amazon SQS.

A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost. This can be accomplished with: an egress-only internet gateway. a NAT gateway. a custom NAT instance. a VPC endpoint.

A company has an application running as a service in Amazon ECS using the Amazon EC2 launch type. The application code makes AWS API calls to publish messages to Amazon SQS. What is the MOST secure method of giving the application permission to publish messages to Amazon SQS?. Use AWS IAM to grant SQS permissions to the role used by the launch configuration for the Auto Scaling group of the ECS cluster. Create a new identity and access management (IAM) user with SQS permissions, and then update the task definition to declare the access key ID and secret access key as environment variables. Create a new identity and access management (IAM) role with SQS permissions, and then update the task definition to use this role for the task role setting. Update the security group used by the ECS cluster to allow access to Amazon SQS.

An organization uses Amazon S3 to store video content served via its website. It only has rights to deliver this content to users within its own country and needs to restrict access. How can the organization ensure that these files are only accessible from within its country?. Use a custom Amazon S3 bucket policy to allow access only to users inside the organization's country. Use Amazon CloudFront and Geo Restriction to allow access only to users inside the organization's country. Use an Amazon S3 bucket ACL to allow access only to users inside the organization's country. Use file-based ACL permissions on each video file to allow access only to users inside the organization's country.

A Solutions Architect is designing a solution to send Amazon CloudWatch Alarm notifications to a group of users on a smartphone mobile application. What are the key steps to this solution? (Select TWO.). Configure the CloudWatch Alarm to send the notification to an Amazon SNS topic whenever there is an alarm. Configure the CloudWatch Alarm to send the notification to mobile phone number whenever there is an alarm. Configure the CloudWatch Alarm to send the notification to the email addresses whenever there is an alarm. Create the platform endpoints for mobile devices and subscribe the SNS topic with platform endpoints. Subscribe the SNS topic with an Amazon SQS queue and poll the messages continuously from the queue. Use each mobile platform's libraries to send the message to the mobile application.

Users submit requests to a service that takes several minutes to process. A Solutions Architect needs to ensure that these requests are processed at least once, and that the service has the ability to handle large increases in the number of requests. How should these requirements be met?. Put the requests into an Amazon SQS queue and configure Amazon EC2 instances to poll the queue. Publish the message to an Amazon SNS topic that an Amazon EC2 subscriber can receive and process. Save the request to an Amazon DynamoDB table with a DynamoDB stream that triggers an Amazon EC2 Spot Instance. Use Amazon S3 to store the requests and configure an event notification to have Amazon EC2 instances process the new object.

A Solutions Architect is creating a serverless web application that must access mapping data in hundreds of data files, each containing approximately 30 KB of data. The storage required is expected to grow to hundreds of terabytes. Which storage solution is most cost-effective, yet still meets the requirements for this use case?. Amazon EFS. Amazon EBS cold HDD (sc1). Amazon S3 Standard. Amazon DynamoDB.

A company is developing a new stateless web service with low memory requirements. The service needs to scale based on demand. What is the MOST cost-effective solution?. Deploy the application onto AWS Elastic Beanstalk. Deploy the application onto AWS Lambda with access through Amazon API Gateway. Deploy the application onto an Amazon EC2 Spot Fleet. Deploy the application onto a container with an Amazon ECS EC2 launch type.

A company is creating a web application that will run on an Amazon EC2 instance. The application on the instance needs access to an Amazon DynamoDB table for storage. What should be done to meet these requirements?. Create another AWS account root user with permissions to the DynamoDB table. Create an IAM role and assign the role to the EC2 instance with permissions to the DynamoDB table. Create an identity provider and assign the identity provider to the EC2 instance with permissions to the Dynamo table. Create identity federation with permissions to the DynamoDB table.

A company hosts a website using Amazon API Gateway on the front end. Recently, there has been heavy traffic on the website, and the company wants to control access by allowing authenticated traffic only. How should the company limit access to authenticated users only? (Select TWO). Allow users that are authenticated through Amazon Cognito. Limit traffic through API Gateway. Allow X.509 certificates to authenticate traffic. Deploy AWS KMS to identify users. Assign permissions in AWS IAM to allow users.

A company deployed a three-tier web application on Amazon EBS-backed Amazon EC2 instances for the web and application tiers, and Amazon RDS for the database tier. The company is concerned about loss of data in the web and application tiers. What is the MOST efficient way to prevent data loss?. Create an Amazon EFS file system and run a shell script to copy the data. Create an Amazon EBS snapshot using an Amazon CloudWatch Events rule. Create an Amazon S3 snapshot policy to back up the Amazon EBS volumes. Create a snapshot lifecycle policy that takes periodic snapshots of the Amazon EBS volumes.

A company is using Amazon S3 for backups from an on-premises environment. Regulatory requirement retained for at least 7 years. The data is infrequently accessed for 35 days but needs to be instantly available. After 35 days, the data is rarely accessed. Which combination of actions will provide the MOST cost-effective solution? (Select TWO). Change the backup so the data goes to Amazon S3 Standard Infrequent Access (S3 Standard-IA) directly. Create an S3 lifecycle policy that moves the data to the GLACIER storage class after 7 years. Change the backup so the data goes to Amazon Glacier directly. Create an S3 lifecycle policy that moves the data to Amazon S3 Standard Infrequent Access (S3 Standard-IA) after 35 days. Create an S3 lifecycle policy that moves the data to the GLACIER storage class after 35 days.

A client has set up an Auto Scaling group associated with a load balancer. The client has noticed that instances launched by the Auto Scaling group are reported unhealthy as the result of an Elastic Load Balancing (ELB) health check, but those unhealthy instances are not being terminated. What can a Solutions Architect do to ensure that the instances marked unhealthy will be terminated and replaced?. Increase the value for the health check interval set on the ELB load balancer. Change the thresholds set on the Auto Scaling group health check. Change the health check type to ELB for the Auto Scaling group. Change the health check set on the ELB load balancer to use TCP rather than HTTP checks.

A Solutions Architect is building an online shopping application where users will be able to browse items, add items to a cart, and purchase the items. Images of items will be stored in Amazon S3 buckets organized by item category. When an item is no longer available for purchase, the item image will be deleted from the S3 bucket. Occasionally, during testing, item images deleted from the S3 bucket are still visible to some users. What is a flaw in this design approach?. Defining S3 buckets by item may cause partition distribution errors, which will impact performance. Amazon S3 DELETE requests are eventually consistent, which may cause other users to view items that have already been purchased. Amazon S3 DELETE requests apply a lock to the S3 bucket during the operation, causing other users to be blocked. Using Amazon S3 for persistence exposes the application to a single point of failure.

An application is scanning an Amazon DynamoDB table that was created with default settings. The application occasionally reads stale data when it queries the table. How can this issue be corrected?. Increase the provisioned read capacity of the table. Enable Auto Scaling on the DynamoDB table. Update the application to use strongly consistent reads. Re-create the DynamoDB table with eventual consistency disabled.

A company is moving to AWS. Management has identified a set of approved AWS services that meet all deployment requirements. The company would like to restrict access to all other unapproved services to which employees would have access. Which solution meets these requirements with the LEAST amount of operational overhead?. Configure the AWS Trusted Advisor service utilization compliance report. Subscribe to Amazon SNS notifications from Trusted Advisor. Create a custom AWS Lambda function that can automatically remediate the use of unauthorized services. Use AWS Config to evaluate the configuration settings of AWS resources. Subscribe to Amazon SNS notifications from AWS Config. Create a custom AWS Lambda function that can automatically remediate the use of unauthorized services. Configure AWS Organizations. Create an organizational unit (OU) and place all AWS accounts. Configure AWS Organizations. Create an organizational unit (OU) and place all AWS accounts into the OU. Apply a service control policy (SCP) to the OU that denies the use of certain services.

An application produces monthly reports that must be immediately accessible for up to 7 days. After 7 days, the data can be archived. Compliance policies require that the archived data be retrievable within 24 hours of a request. What is the MOST cost-effective approach to satisfy the compliance requirement?. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to Amazon S3 Standard Infrequent Access (S3 Standard-IA) after 7 days, then transition to the GLACIER storage class after 30 days. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to Amazon S3 Standard Infrequent Access (S3 Standard-IA) after 7 days. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to the GLACIER storage class after 30 days. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to the GLACIER storage class after days.

A company will host a static website within an Amazon S3 bucket. The website will serve millions of users globally, and the company wants to minimize data transfer costs. What should the Solutions Architect do to ensure costs are kept to a minimum?. Implement an AWS Auto Scaling group for the website to ensure it grows with use. Use cross-region replication to copy the website to an additional S3 bucket in a different region. Create an Amazon CloudFront distribution with the S3 bucket as the origin server. Move the website to large compute-optimized Amazon EC2 instances.

A Solutions Architect needs to design a solution that will allow Website Developers to deploy static web content without managing server infrastructure. All web content must be accessed over HTTPS with a custom domain name. The solution should be scalable as the company continues to grow. Which of the following will provide the MOST cost-effective solution?. Amazon EC2 instance with Amazon EBS. AWS Lambda function with Amazon API Gateway. Amazon CloudFront with an Amazon S3 bucket origin. Amazon S3 with a static website.

A company has an application that generates invoices and makes the invoices available online. Invoices are stored as PDFs in an Amazon S3 bucket. Customers typically only view each invoice during the month it is issued. However, past invoices need to be immediately available. There are concerns over rising storage costs as the company gains more customers. What is the MOST cost-effective method to store the data?. Use Amazon S3 for current invoices. Set up lifecycle rules to migrate invoices to the GLACIER storage class after 30 days. Store the invoices as text files. Use Amazon CloudFront to convert the invoices from text to PDF when customers download invoices. Store the invoices as binaries in an Amazon RDS database instance. Retrieve them from the database when customers request invoices. Use Amazon S3 for current invoices. Set up lifecycle rules to migrate invoices to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

A Solutions Architect is designing a new architecture that will use an Amazon EC2 Auto Scaling group. Which of the following factors determine the health check grace period? (Select TWO). How frequently the Auto Scaling group scales up or down. How many Amazon CloudWatch alarms are configured for status checks. How much of the application code is embedded in the AMI. How long it takes for the Auto Scaling group to detect a failure. How long the bootstrap script takes to run.

A company's new web application running on Amazon EC2 across multiple Availability Zones (AZs) will be heavily accessed during regular business hours. After business hours, usage will be minimal. What fleet-scaling approach should be used to size the EC2 fleet to handle the traffic demands?. Manual scaling across all AZs. Provisioning for peak traffic. Scheduled scaling. Programmatic termination of all instances in one AZ during off-peak hours.

A Solutions Architect is designing a web application that runs on Amazon EC2 instances behind a load balancer. All data in transit must be encrypted. Which solutions will meet the encryption requirement? (Select TWO). Use an Application Load Balancer (ALB) in passthrough mode then terminate SSL on EC2 instances. Use an Application Load Balancer (ALB) with a TCP listener then terminate SSL on EC2 instances. Use a Network Load Balancer (NLB) with a TCP listener then terminate SSL on EC2 instances. Use an Application Load Balancer (ALB) with an HTTPS listener then install SSL certificates on the ALB and EC2 instances. Use a Network Load Balancer (NLB) with an HTTPS listener then install SSL certificates on the NLB and EC2 instances.

A company needs to use AWS resources to expand capacity for a website hosted in an on-premises data center. The AWS resources will include load balancers, Auto Scaling, and Amazon EC2 instances that will access an on-premises database. Network connectivity has been established, but no traffic is going to the AWS environment. How should Amazon Route 53 be configured to distribute load to the AWS environment? (Select TWO). Set up a weighted routing policy, distributing the workload between the load balancer and the on-premises environment. Set up an A record to point the DNS name to the IP address of the load balancer. Create multiple A records for the EC2 instances. Set up a geolocation routing policy to distribute the workload between the load balancer and the on-premises environment. Set up a routing policy for failover using the on-premises environment as primary and the load balancer as secondary.

A team has developed a new web application in an AWS Region that has three Availability Zones: AZ-a, AZ-b, and AZ-c. This application must be fault tolerant and needs at least six Amazon EC2 instances running at all times. The application must tolerate the loss of connectivity to any single Availability Zone so that the application can continue to run. Which configurations will meet these requirements? (Select TWO). AZ-a with six EC2 instances, AZ-b with six EC2 instances, and AZ-c with no EC2 instances. AZ-a with four EC2 instances, AZ-b with two EC2 instances, and AZ-c with two EC2 instances. AZ-a with two EC2 instances, AZ-b with two EC2 instances, and AZ-c with two EC2 instances. AZ-a with three EC2 instances, AZ-b with three EC2 instances, and AZ-c with no EC2 instances. AZ-a with three EC2 instances, AZ-b with three EC2 instances, and AZ-c with three EC2 instances.

A company's Amazon RDS MySQL DB instance may be rebooted for maintenance and to apply patches. This database is critical and potential user disruption must be minimized. What should the Solutions Architect do in this scenario?. Set up an RDS MySQL cluster. Create an RDS MySQL Read Replica. Set RDS MySQL to Multi-AZ. Create an Amazon EC2 instance MySQL cluster.

A company has a web application that makes requests to a backend API service. The API service is behind an Elastic Load Balancer running on Amazon EC2 instances. Most backend API service endpoint calls finish very quickly, but one endpoint that makes calls to create objects in an external service takes a long time to complete. These long-running calls are causing client timeouts and increasing overall system latency. What should be done to minimize the system throughput impact of the slow-running endpoint?. Change the EC2 instance size to increase memory and compute capacity. Use Amazon SQS to offload the long-running requests for asynchronous processing by separate workers. Increase the load balancer idle timeout to allow the long-running requests to complete. Use Amazon ElastiCache for Redis to cache responses from the external service.

A company is designing a website that will be hosted on Amazon S3. How should users be prevented from linking directly to the assets in the S3 bucket?. Create a static website, then update the bucket policy to require users to access the resources with the static website URL. Create an Amazon CloudFront distribution with an origin access identity (OAI) and update the bucket policy to grant. Create a static website, then configure an Amazon Route 53 record set with an alias pointing to the bucket policy to grant permission to the OAI only. Create an Amazon CloudFront distribution with an AWS WAF web ACL that permits access to the origin server through the distribution only.

An e-commerce application places orders in an Amazon SQS queue. When a message is received, Amazon EC2 worker instances process the request. The EC2 instances are in an Auto Scaling group. How should the architecture be designed to scale up and down with the LEAST amount of operational overhead?. Use an Amazon CloudWatch alarm on the EC2 CPU to scale the Auto Scaling group up and down. Use an EC2 Auto Scaling health check for messages processed on the EC2 instances to scale up or down. Use an Amazon CloudWatch alarm based on the number of visible messages to scale the Auto Scaling group up or down. Use an Amazon CloudWatch alarm based on the CPU to scale the Auto Scaling group up or down.

A Solutions Architect is creating an application running in an Amazon VPC that needs to access AWS Systems Manager Parameter Store. Network security rules prohibit any route table entry with a 0.0.0.0/0 destination. What infrastructure addition will allow access to the AWS service while meeting the requirements?. VPC peering. NAT instance. NAT gateway. AWS PrivateLink.

A photo-sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos, and thumbnails are easily re-created from the originals if they are accidentally deleted. How should the thumbnail images be stored to ensure the LOWEST cost?. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) with cross-region replication. Amazon S3. Amazon Glacier. Amazon S3 with cross-region replication.

A company is implementing a data lake solution on Amazon S3. Its security policy mandates that the data stored in Amazon S3 should be encrypted at rest. Which options can achieve this? (Select TWO). Use S3 server-side encryption with an Amazon EC2 key pair. Use S3 server-side encryption with customer-provided keys (SSE-C). Use S3 bucket policies to restrict access to the data at rest. Use client-side encryption before ingesting the data to Amazon S3 using encryption keys. Use SSL to encrypt the data while in transit to Amazon S3.

A company wants to create an application that will transmit protected health information (PHI) to thousands of service consumers in different AWS accounts. The application servers will sit in private VPC subnets. The routing for the application must be fault tolerant. What should be done to meet these requirements?. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection. Create a virtual private gateway connection between each pair of service provider VPCs and service consumer VPCs. Create an internal Application Load Balancer in the service provider VPC and put application servers behind it. Create a proxy server in the service provider VPC to route requests from service consumers to the application servers.

An application generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years. How can those requirements be met?. Save the logs in an Amazon S3 bucket and enable Multi-Factor Authentication Delete (MFA Delete) on the bucket. Save the logs in an Amazon EFS volume and use Network File System version 4 (NFSv4) locking with the volume. Save the logs in an Amazon Glacier vault and use the Vault Lock feature. Save the logs in an Amazon EBS volume and take monthly snapshots.

An application runs on Amazon EC2 instances in multiple Availability Zones (AZs) behind an Application Load Balancer. The load balancer is in public subnets, the EC2 instances are in private subnets and must not be accessible from the internet. The EC2 instances must call external services on the internet. If one AZ becomes unavailable, the remaining EC2 instances must still be able to call the external services. How should these requirements be met?. Create a NAT gateway attached to the VPC. Add a route to the gateway to each private subnet route table. Configure an internet gateway. Add a route to the gateway to each private subnet route table. Create a NAT instance in the private subnet of each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT instance. Create a NAT gateway in each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT gateway.

A Solutions Architect is designing a high-performance computing job that runs on Amazon EC2 instances in private subnets. To allow the application to download patches, the infrastructure must be altered to allow the instances to access external endpoints. Any changes to the infrastructure must involve minimal ongoing systems management effort. What will allow the EC2 instances to access the endpoint while meeting these requirements?. NAT gateway. Elastic IP address. AWS Direct Connect. Virtual private gateway.

A company is creating a web application that allows customers to view photos in their web browsers. The website is hosted in us-east-1 on Amazon EC2 instances behind an Application Load Balancer. Users will be located in many places around the world. Which solution should provide all users with the fastest photo viewing experience?. Implement an AWS Auto Scaling group for the web server instances behind the Application Load Balancer. Enable Amazon CloudFront for the website and specify the Application Load Balancer as the origin. Move the photos into an Amazon S3 bucket and enable static website hosting. Enable Amazon ElastiCache in the web server subnet.

A company needs to store data for 5 years. The company will need to have immediate and highly available access to the data at any point in time, but will not require frequent access. What lifecycle action should be taken to meet the requirements while reducing costs?. Transition objects from Amazon S3 Standard to Amazon S3 Standard Infrequent Access (S3 Standard-IA). Transition objects to expire after 5 years. Transition objects from Amazon S3 Standard to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA). Transition objects from Amazon S3 Standard to the GLACIER storage class.

A company plans to deploy a new application in AWS that reads and writes information to a database. The company wants to deploy the application in two different AWS Regions in an active-active configuration. The databases need to replicate to keep information in sync. What should be used to meet these requirements?. Amazon Athena with Amazon S3 cross-region replication. AWS Database Migration Service with change data capture. Amazon DynamoDB with global tables. Amazon RDS for PostgreSQL with a cross-region Read Replica.

A Solutions Architect is designing an application that will run on Amazon ECS behind an Application Load Balancer (ALB). For security reasons, the Amazon EC2 host instances for the ECS cluster are in a private subnet. What should be done to ensure that the incoming traffic to the host instances is from the ALB only?. Create network ACL rules for the private subnet to allow incoming traffic on ports 32768 through 61000 from the IP address of the ALB only. Update the ECS cluster security group to allow incoming access from the IP address of the ALB only. Modify the security group used by the ECS cluster to allow incoming traffic from the security group used by the ALB only. Enable AWS WAF on the ALB and enable the ECS rule.

A company is writing a new service running on Amazon EC2 that must create thumbnail images of thousands of images in a large archive. The system will write scratch data to storage during the process. Which storage service is best suited for this scenario?. EC2 instance store. Amazon EFS. Amazon CloudSearch. Amazon EBS Throughput Optimized HDD (st1).

A company plans to use Amazon GuardDuty to detect unexpected and potentially malicious activity. The company wants to use Amazon CloudWatch to ensure that when findings occur, remediation takes place automatically. Which CloudWatch feature should be used to trigger an AWS Lambda function to perform the remediation?. Events. Dashboards. Metrics. Alarms.

A customer owns a MySQL database that is accessed by various clients who expect, at most, 100ms latency on requests. Once a record is stored in the database, it is rarely changed. Clients only access one record at a time. Database access has been increasing exponentially due to increased client demand. The resultant load will soon exceed the capacity of the most expensive hardware available for purchase. The customer wants to migrate to AWS and is willing to change database systems. Which service would alleviate the database load issue and offer virtually unlimited scalability for the future?. Amazon RDS. Amazon DynamoDB. Amazon Redshift. AWS Data Pipeline.

A social networking portal experiences latency and throughput issues due to an increased number of users. Application servers use very large datasets from an Amazon RDS database, which creates a performance bottleneck on the database. Which AWS service should be used to improve performance?. Auto Scaling. Amazon SQS. Amazon ElastiCache. ELB Application Load Balancer.

A Solutions Architect is designing a mobile application that will capture receipt images to track expenses. The Architect wants to store the images on Amazon S3. However, uploading images through the web server will create too much traffic. What is the MOST efficient method to store images from a mobile application on Amazon S3?. Upload directly to S3 using a pre-signed URL. Upload to a second bucket, and have a Lambda event copy the image to the primary bucket. Upload to a separate Auto Scaling group of servers behind an ELB Classic Load Balancer and have them write to the Amazon S3 bucket. Expand the web server fleet with Spot Instances to provide the resources to handle the images.

An application provides a feature that allows users to securely download private and personal files. The web server is currently overwhelmed with serving files for download. A Solutions Architect must find a more effective solution to reduce web server load and costs, and must allow users to download only their own files. Which solution meets all requirements?. Store the files securely on Amazon S3 and have the application generate an Amazon S3 pre-signed URL for the user to download. Store the files in an encrypted Amazon EBS volume, and use a separate set of servers to serve the downloads. Have the application encrypt the files and store them in the local Amazon EC2 instance store prior to serving them up for download. Create an Amazon CloudFront distribution to distribute and cache the files.

A news organization plans to migrate their 20 TB video archive to AWS. The files are rarely accessed, but when they are, a request is made in advance and a 3 to 5 hour retrieval time frame is acceptable. However, when there is a breaking news story, the editors require access to archived footage within minutes. Which storage solution meets the needs of this organization while providing the LOWEST cost of storage?. Store the archive in Amazon S3 Reduced Redundancy Storage. Store the archive in Amazon Glacier and use standard retrieval for all content. Store the archive in Amazon Glacier and pay the additional charge for expedited retrieval when needed. Store the archive in Amazon S3 with a lifecycle policy to move this to S3 Infrequent Access after 30 days.

A Solutions Architect is designing an Amazon VPC. Applications in the VPC must have private connectivity to Amazon DynamoDB in the same AWS Region. The design should route DynamoDB traffic through. VPC peering connection. NAT gateway. VPC endpoint. AWS Direct Connect.

An organization hosts 10 microservices, each in an Auto Scaling group behind individual Classic Load Balancers. Each EC2 instance is running at optimal load. Which of the following actions would allow the organization to reduce costs without impacting performance?. Reduce the number of EC2 instances behind each Classic Load Balancer. Change instance types in the Auto Scaling group launch configuration. Change the maximum size but leave the desired capacity of the Auto Scaling groups. Replace the Classic Load Balancers with a single Application Load Balancer.

A Solutions Architect is designing a multicontainer-based web application. Parts of the web application, /orders and /sale-event, must scale independently while maintaining a single Fully Qualified Domain Name. Which AWS services will help the Architect build this platform? (Select TWO). Amazon ELB Application Load Balancer. Amazon ELB Classic Load Balancer. Amazon EC2 Container Service. Amazon DynamoDB. Amazon SQS.

Which tool analyzes account resources and provides a detailed inventory of changes over time?. AWS Config. AWS CloudFormation. Amazon CloudWatch. AWS Service Catalog.

A Solutions Architect is designing an application on AWS that will connect to the on-premises data center through a VPN connection. The solution must be able to log network traffic over the VPN. Which service logs this network traffic?. AWS CloudTrail logs. Amazon VPC flow logs. Amazon S3 bucket logs. Amazon CloudWatch Logs.

A Solutions Architect is building a new feature using Lambda to create metadata when a user uploads a picture to Amazon S3. All metadata must be indexed. Which AWS service should the Architect use to store this metadata?. Amazon S3. Amazon DynamoDB. Amazon Kinesis. Amazon EFS.

A Solutions Architect needs to design an architecture for a new mission-critical batch processing billing application. The application is required to run Monday, Wednesday, and Friday from 5 AM to 11 AM. Which is the MOST cost-effective Amazon EC2 pricing model?. Amazon EC2 Spot Instances. On-Demand Amazon EC2 Instances. Scheduled Reserved Instances. Dedicated Amazon EC2 Instances.

A company runs a legacy application with a single-tier architecture on an Amazon EC2 instance. Disk I/O is low, with occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM daily. Which storage option is MOST appropriate for this workload?. Amazon EC2 instance storage. Amazon EBS General Purpose SSD (gp2) storage. Amazon S3. Amazon EBS Provisioned IOPS SSD (io1) storage.

An organization is currently hosting a large amount of frequently accessed data consisting of key-value pairs and semi-structured documents in their data center. They are planning to move this data to AWS. Which one of the following services MOST effectively meets their needs?. Amazon Redshift. Amazon RDS. Amazon DynamoDB. Amazon Aurora.

A Solutions Architect needs to convert potential single points of failure to a highly-available configuration. The current architecture contains Amazon EC2 instances with databases running in one Availability Zone. Web-tier resources have not been given public addresses but still require Internet access. Which solution should the Architect use to maintain high availability?. Use ELB Classic Load Balancer with the web tier; deploy EC2 instances in two Availability Zones and enable Multi-AZ RDS; deploy a NAT gateway in one Availability Zone. Use ELB Classic Load Balancer with the web tier; deploy EC2 instances in two Availability Zones and enable Multi-AZ RDS; deploy NAT gateways in both Availability Zones. Use ELB Classic Load Balancer with the database tier; deploy Amazon EC2 instances in two Availability Zones and enable Multi-AZ RDS; deploy NAT gateways in both Availability Zones. Use ELB Classic Load Balancer with the database tier; deploy Amazon EC2 instances in two Availability Zones and enable Multi-AZ RDS; deploy a NAT gateway in one Availability Zone.

An application runs in a VPC on Amazon EC2 instances behind an Application Load Balancer. Traffic to the Amazon EC2 instances must be limited to traffic from the Application Load Balancer. Based on these requirements, the security group configuration should only allow traffic from. the public IPs of the Application Load Balancer nodes. the IP range of the Application Load Balancer subnets. the security group attached to the Application Load Balancer. the VPC CIDR.

A Solutions Architect is designing for a web application that will be hosted on AWS. Internet users will access the application using HTTP and HTTPS. How should the Architect design the traffic control requirements?. Use a network ACL to allow outbound ports for HTTP and HTTPS; deny other traffic for inbound and outbound. Use a network ACL to allow inbound ports for HTTP and HTTPS; deny other traffic for inbound and outbound. Allow inbound ports for HTTP and HTTPS in the security group used by the web servers. Allow outbound ports for HTTP and HTTPS in the security group used by the web servers.

An application calls a service run by a vendor. The vendor charges based on the number of calls. The finance department needs to know the number of calls that are made to the service to validate the billing statements. How can a Solutions Architect design a system to durably store the number of calls without requiring changes to the application?. Call the service through an internet gateway. Decouple the application from the service with an Amazon SQS queue. Publish a custom Amazon CloudWatch metric that counts calls to the service. Call the service through a VPC peering connection.

A company plans to use an Amazon VPC to deploy a web application consisting of an elastic load balancer, a fleet of web and application servers, and an Amazon RDS MySQL database that should not be accessible from the Internet. The proposed design must be highly available and distributed over two Availability Zones. What would be the MOST appropriate VPC design for this specific use case?. Two public subnets for the elastic load balancer, two public subnets for the web servers, and two public subnets for Amazon RDS. One public subnet for the elastic load balancer, two private subnets for the web servers, and two private subnets for Amazon RDS. One public subnet for the elastic load balancer, one public subnet for the web servers, and one private subnet for the database. Two public subnets for the elastic load balancer, two private subnets for the web servers, and two private subnets for RDS.

A company has an application that accesses a MySQL database installed on a single EC2 instance. The instance recently experienced a fault and brought down the entire application for several hours. The company wants to address the issue but is concerned about spending too much time modifying application code or managing the legacy application. What should the Solutions Architect recommend to remove this single point of failure with the FEWEST changes to the application code and the LEAST amount of administrative effort?. Implement a caching layer by using Amazon ElastiCache to store query results of frequently accessed information. Deploy a second EC2 instance with MySQL installed and configure replication between this instance and the existing MySQL instance. Migrate the database to an RDS MySQL Multi-AZ DB instance and point the application servers to the new RDS instance. Create a DynamoDB table to use as a cache layer and update the application to query data from Amazon DynamoDB before querying MySQL.

A Solutions Architect needs to build a resilient data warehouse using Amazon Redshift. The Architect needs to rebuild the Redshift cluster in another region. Which approach can the Architect take to address this requirement?. Modify the Redshift cluster and configure cross-region snapshots to the other region. Modify the Redshift cluster to take snapshots of the Amazon EBS volumes each day, sharing those snapshots with the other region. Modify the Redshift cluster and configure the backup and specify the Amazon S3 bucket in the other region. Modify the Redshift cluster to use AWS Snowball in export mode with data delivered to the other region.

A Solutions Architect is designing a customer order processing application that will likely have high usage spikes. What should the Architect do to ensure that customer orders are not lost before being written to an Amazon RDS database? (Select TWO). Use Amazon CloudFront to deliver the application front end. Use Elastic Load Balancing with a round robin routing algorithm. Have the orders written into an Amazon SQS queue. Scale the number of processing nodes based on pending order volume. Have a standby Amazon RDS instance in a separate Availability Zone.

A Solutions Architect needs to configure scaling policies based on Amazon CloudWatch metrics for an Auto Scaling group. The application running on the instances is memory intensive. How can the Architect meet this requirement?. Enable detailed monitoring on the Amazon EC2 instances. Publish custom metrics to CloudWatch from the application. Configure lifecycle policies for the Amazon EC2 instances. Set up high-resolution alarms for the Auto Scaling group.

An application runs on EC2 instances behind an Elastic Load Balancing Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The application provides a RESTful interface with both synchronous and asynchronous operations. The asynchronous operations require up to 5 minutes to complete. Although the application must remain available at all times after business hours, the traffic going to the application is greatly reduced and often results in the Auto Scaling group running the minimum number of On-Demand Instances. What should the Solutions Architect recommend to optimize the cost of the environment after business hours?. Change the Availability Zones in which the instances were created to another Availability Zone in the same region with a lower cost. Replace all On-Demand Instances with Spot Instances in the Auto Scaling group. Purchase Reserved Instances for the minimum number of Auto Scaling instances. Reduce the number of minimum instances to 0; new requests to the Application Load Balancer create new instances.

A Solutions Architect is asked to improve the fault tolerance of an existing Python application. The web application places 1-MB images in an S3 bucket. The application then uses a single t2.large instance to transform the image to include a watermark with the company's brand before writing the image back to the S3 bucket. What should the Solutions Architect recommend to increase the fault tolerance of the solution?. Convert the code to a Lambda function triggered by scheduled Amazon CloudWatch Events. Increase the instance size to m4.xlarge and configure Enhanced Networking. Convert the code to a Lambda function triggered by Amazon S3 events. Create an Amazon SQS queue to send the images to the t2.large instance.

A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. Users report that every morning at 9:00 AM the system becomes very slow for about 15 minutes. A Solutions Architect determines that a large percentage of the call center staff starts work at 9:00 AM, so Auto Scaling does not have enough time to scale out to meet demand. How can the Architect fix this problem?. Change the Auto Scaling group's scale out event to scale based on network utilization. Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning. Use Reserved Instances to ensure the system has reserved the right amount of capacity for the scale up events. Permanently keep a steady state of instances that is needed at 9:00 AM to guarantee available resources but leverage Spot Instances.

A web application running on Amazon EC2 instances writes data synchronously to an Amazon DynamoDB table configured for 60 write capacity units. During normal operation the application writes 50 KB/s to the table, but can scale up to KB/s during peak hours. The application is currently getting throttling errors from the DynamoDB table during peak hours. What is the MOST cost-effective change to support the increased traffic with minimal changes to the application?. Use Amazon SQS to manage the write operations to the DynamoDB table. Change DynamoDB table configuration to write capacity units. Increase the number of Amazon EC2 instances to support the traffic. Configure Amazon DynamoDB Auto Scaling to handle the extra demand.

A company is launching an application that it expects to be very popular. The company needs a database that can scale with the rest of the application. The schema will change frequently. The application cannot afford any downtime for database changes. Which AWS service allows the company to achieve these objectives?. Amazon Redshift. Amazon DynamoDB. Amazon RDS MySQL. Amazon Aurora.

A Solutions Architect is designing a disaster recovery (DR) environment in a separate AWS region from an application's primary workload. The application uses a multi-tier architecture, and only the RDS instance will have frequent changes. The application installation process takes 60 minutes on average. The disaster recovery plan must have an RPO of less than 90 minutes and an RTO of less than 30 minutes. Which of the following would enable the Solutions Architect to meet these requirements? (Select TWO). An Aurora instance as the primary database with a read replica in the DR region. Inter-region VPC peering between the primary workload VPC and the DR VPC. A cross-region Amazon EC2 Amazon Machine Image (AMI) copy. Amazon S3 cross-region replication of application-tier installers. Amazon CloudWatch Events in the primary region that trigger the failover to the DR region.

Application servers currently deployed in a private subnet require the ability to integrate with a third-party service accessible through the Internet. Which changes are required to provide outbound Internet connectivity in the VPC without providing inbound Internet connectivity to the application servers?. Create a NAT Gateway without attaching an Internet Gateway to the VPC. Create a NAT Gateway and attach an Internet Gateway to the VPC. Attach an Internet Gateway to the VPC without creating a NAT Gateway. Attach a Virtual Private Gateway to the VPC and create a NAT Gateway.

A company is developing several critical long-running applications hosted on Docker. How should a Solutions Architect design a solution to meet the scalability and orchestration requirements on AWS?. Use Amazon ECS and Service Auto Scaling. Use Spot Instances for orchestration and for scaling containers on existing Amazon EC2 instances. Use AWS OpsWorks to launch containers in new Amazon EC2 instances. Use Auto Scaling groups to launch containers on existing Amazon EC2 instances.

A Solutions Architect is designing a log-processing solution that requires storage that supports up to 500 MB/s throughput. The data is sequentially accessed by an Amazon EC2 instance. Which Amazon storage type satisfies these requirements?. EBS Provisioned IOPS SSD (io1). EBS General Purpose SSD (gp2). EBS Throughput Optimized HDD (st1). EBS Cold HDD (sc1).

A Solutions Architect is designing a web application that is running on an Amazon EC2 instance. The application stores data in DynamoDB. The Architect needs to secure access to the DynamoDB table. What combination of steps does AWS recommend to achieve secure authorization? (Select TWO). Store an access key on the Amazon EC2 instance with rights to the DynamoDB table. Attach an IAM user to the Amazon EC2 instance. Create an IAM role with permissions to write to the DynamoDB table. Attach an IAM role to the Amazon EC2 instance. Attach an IAM policy to the Amazon EC2 instance.

A Solutions Architect is designing a web application. The web and application tiers need to access the Internet, but they cannot be accessed from the Internet. Which of the following steps is required?. Attach an Elastic IP address to each Amazon EC2 instance and add a route from the private subnet to the public subnet. Launch a NAT gateway in the public subnet and add a route to it from the private subnet. Launch Amazon EC2 instances in the public subnet and change the security group to allow outbound traffic on port 80. Launch a NAT gateway in the private subnet and deploy a NAT instance in the private subnet.

A data analytics startup company asks a Solutions Architect to recommend an AWS data store option for indexed data. The data processing engine will generate and input more than 64 TB of processed data every day, with item sizes reaching up to 300 KB. The startup is flexible with data storage models and is more interested in a database that requires minimal effort to scale with a growing dataset size. Which AWS data store service should the Architect recommend?. Amazon RDS. Amazon Redshift. Amazon DynamoDB. Amazon S3.

A Solutions Architect is designing a new web application on Amazon EC2. The system must make application-specific metrics, such as application security events, available to the SysOps teams. How should the Solutions Architect enable this in the design?. Install AWS SDK on the application instances. Design the application to use the AWS SDK to log events directly to an Amazon S3 bucket. Install the Amazon Inspector agent on the application instances. Design the application to store events in application log files. Install the Amazon CloudWatch Logs agent on the application instances. Design the application to store events in application log files. Install AWS SDK on the application instances. Design the application to use AWS SDK to log sensitive events directly to AWS CloudTrail.

A company has a web application running in a Docker container that connects to a MySQL server in an on-premises data center. The deployment and maintenance of this application are becoming time-consuming and slowing down new feature releases. The company wants to migrate the application to AWS and use services that help facilitate infrastructure management and deployment. Which architectures should the company consider on AWS? (Select TWO.). Amazon ECS for the web application and an Amazon RDS for MySQL for the database. AWS Elastic Beanstalk Docker Multi-container either for the web application or database. AWS Elastic Beanstalk Docker Single Container for the web application, and an Amazon RDS for MySQL for the database. AWS CloudFormation with Lambda Custom Resources without VPC for the web application, and an Amazon RDS for MySQL database. AWS CloudFormation with Lambda Custom Resources running in a VPC for the web application, and an Amazon RDS for MySQL database.

A Solutions Architect has been asked to deliver video content stored on Amazon S3 to specific users from Amazon CloudFront while restricting access by unauthorized users. How can the Architect implement a solution to meet these requirements?. Configure CloudFront to use signed-URLs to access Amazon S3. Store the videos as private objects in Amazon S3, and let CloudFront serve the objects by using only Origin Access Identity (OAI). Use Amazon S3 static website as the origin of CloudFront and configure CloudFront to deliver the videos by generating a signed URL for users. Use OAI for CloudFront to access private S3 objects and select the Restrict Viewer Access option in CloudFront cache behavior to use signed URLs.

A company is looking for a fully-managed solution to store its players' state information for a rapidly growing game. The application runs on multiple Amazon EC2 nodes, which can scale according to the incoming traffic. The request can be routed to any of the nodes; therefore, the state information must be stored in a centralized database. The players' state information needs to be read with strong consistency and needs conditional updates for any changes. Which service would be MOST cost-effective, and scale seamlessly?. Amazon S3. Amazon DynamoDB. Amazon RDS. Amazon Redshift.

An Administrator is hosting an application on a single Amazon EC2 instance, which users can access by the public hostname. The administrator is adding a second instance, but does not want users to have to decide between many public hostnames. Which AWS service will decouple the users from specific Amazon EC2 instances?. Amazon SQS. Auto Scaling group. Amazon EC2 security group. Amazon ELB.

A customer has a service based out of Oregon, US and Paris, France. The application is storing data in an S3 bucket located in Oregon, and that data is updated frequently. The Paris office is experiencing slow response times when retrieving objects. What should a Solutions Architect do to resolve the slow response times for the Paris office?. Set up an S3 bucket based in Paris, and enable cross-region replication from the Oregon bucket to the Paris bucket. Create an Application Load Balancer that load balances data retrieval between the Oregon S3 bucket and a new Paris S3 bucket. Create an Amazon CloudFront distribution with the bucket located in Oregon as the origin and set the Maximum Time to Live (TTL) for cache behavior to 0. Set up an S3 bucket based in Paris, and enable a lifecycle management rule to transition data from the Oregon bucket to the Paris bucket.

A Solutions Architect is designing a ride-sharing application. The application needs consistent and single-digit millisecond latency. In addition, the application must integrate with a highly scalable and fully managed database service to track GPS coordinates and user data for all rides. Which database service should the Solutions Architect use to meet these performance requirements?. Amazon RDS. Amazon Redshift. Amazon DynamoDB. Amazon Aurora.

A company has a website running on Amazon EC2. The application DNS name points to an Elastic IP address associated with the EC2 instance. In the event of an attack on the website coming from a specific IP address, the company wants a way to block the offending IP address. Which tool or service should a Solutions Architect recommend to block the IP address?. Security groups. Network ACL. AWS WAF. AWS Shield.

An environment has an Auto Scaling group across two Availability Zones referred to as AZ-a and AZ-b and a default termination policy. AZ-a has four Amazon EC2 instances, and AZ-b has three EC2 instances. None of the instances is protected from a scale-in. How will Auto Scaling proceed if there is a scale-in event?. Auto Scaling selects an instance to terminate randomly. Auto Scaling terminates the instance with the oldest launch configuration of all instances. Auto Scaling selects the Availability Zone with four EC2 instances and then continues to evaluate. Auto Scaling terminates the instance with the closest next billing hour of all instances.

A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at rest. Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key was used and by whom. Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Customer-Provided Keys (SSE-C). Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3). Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS). Create an Amazon S3 bucket to store the reports and use Amazon versioning with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).

An organization is deploying Amazon ElastiCache for Redis and requires password protection to improve their data security posture. Which solution should a Solutions Architect recommend?. Redis Auth. AWS Single Sign-On. IAM database authentication. VPC security group for Redis.

A Solutions Architect is designing a solution for a dynamic website, "example.com," that is deployed in two regions: Tokyo, Japan and Sydney, Australia. The Architect wants to ensure that users located in Australia are directed to the website deployed in the Sydney region and users located in Japan are directed to the website in the Tokyo region when they browse to "example.com." Which service should the Architect use to achieve this goal with the LEAST administrative effort?. Amazon CloudFront with geolocation routing. Amazon Route 53. Application Load Balancer. Network Load Balancer deployed across multiple regions.

A Solutions Architect has a two-tier blog application with a single Amazon EC2 instance web server and Amazon RDS MySQL Multi-AZ DB instances. The Architect is re-architecting the application for high availability by adding instances in a second Availability Zone. Which additional services will improve the availability of the application? (Select TWO.). Auto Scaling group. AWS CloudTrail. ELB Classic Load Balancer. Amazon DynamoDB. Amazon ElastiCache.

A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS MySQL database, an ELB Application Load Balancer, and Amazon ECS to host the website and its microservices. Which design changes should a Solutions Architect recommend to support the expected growth? (Select TWO). Move static files from ECS to Amazon S3. Use an Amazon Route 53 geolocation routing policy. Scale the environment based on real-time AWS CloudTrail logs. Create a dedicated Elastic Load Balancer for each microservice. Create RDS read replicas and change the application to use these replicas.

A company is launching a new static website on Amazon S3 and Amazon CloudFront. The company wants to ensure that all web requests go through only CloudFront. How can a Solutions Architect meet this requirement?. Configure the S3 bucket policy to allow only CloudFront IP addresses to read objects. Create IAM users in a group that has read access to the S3 bucket; configure CloudFront to pass credentials to the S3 bucket. Create a CloudFront origin access identity (OAI), then update the S3 bucket policy to allow the OAI read access. Convert the S3 bucket to an EC2 instance, then give CloudFront access to the instance by using security groups.

A company hosts a website on premises. The website has a mix of static and dynamic content, but users experience latency when loading static files. Which AWS service can help reduce latency?. Amazon CloudFront with on-premises servers as the origin. ELB Application Load Balancer. Amazon Route 53 latency-based routing. Amazon EFS to store and serve static files.

A company is migrating its data center to AWS. As part of this migration, there is a three-tier web application that has strict data-at-rest encryption requirements. The customer deploys this application on Amazon EC2 using Amazon EBS, and now must provide encryption at rest. How can this requirement be met without changing the application?. Use AWS Key Management Service and move the encrypted data to Amazon S3. Use an application-specific encryption API with AWS server-side encryption. Use encrypted EBS storage volumes with AWS-managed keys. Use third-party tools to encrypt the EBS data volumes with Key Management Service Bring Your Own Keys.

A company has thousands of files stored in an Amazon S3 bucket that has a well-defined access pattern. The files are accessed by an application multiple times a day for the first 30 days. Files are rarely accessed within the next 90 days. After that the files are never accessed again. During the first 120 days, accessing these files should never take more than a few seconds. Which lifecycle policy should be used for the S3 objects to minimize costs based on the access pattern?. Use Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage for the first 30 days. Then move the files to the GLACIER storage class for the next 90 days. Allow the data to expire after that. Use Amazon S3 Standard storage for the first 30 days. Then move the files to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the next 90 days. Allow the data to expire after that. Use Amazon S3 Standard storage for first 30 days. Then move the files to the GLACIER storage class for the next 90 days. Allow the data to expire after that. Use Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the first 30 days. After that, move the data to the GLACIER storage class, where it will be deleted automatically.

A customer is deploying a production portal application on AWS. The database tier has structured data. The company requires a solution that is easily manageable and highly available. How can these requirements be met?. Deploy the database on multiple Amazon EC2 instances backed by Amazon EBS across multiple Availability Zones. Use Amazon RDS with a multiple Availability Zone option. Use RDS with a single Availability Zone option and schedule periodic database snapshots. Use Amazon DynamoDB.

A company is migrating an on-premises application to AWS. The application currently uses their corporate message broker, passing messages between layers by using the MQTT protocol. Because of time and budget, the company cannot rewrite the application and cannot manage a new message broker on the EC2 instances. Which service should a Solutions Architect use to allow the customer to migrate the application to?. Amazon SNS. Amazon SQS. Amazon MQ. Amazon SWF.

A customer has a legacy application with a large amount of data. The files accessed by the application are approximately 10 GB each, but are rarely accessed. However, when files are accessed, they are retrieved sequentially. The customer is migrating the application to AWS and would like to use Amazon EC2 and Amazon EBS. What is the LEAST expensive EBS volume type for this use case?. Cold HDD. Provisioned IOPS SSD (io1). General Purpose SSD (gp2). Throughput Optimized HDD (st1).

A Solutions Architect has designed a VPC that meets all necessary security requirements for their organization. Any applications deployed in the organization must use this VPC design. How can project teams deploy, manage, and delete VPCs that meet this design with the LEAST administrative effort?. Deploy an AWS CloudFormation template that defines components of the VPC. Run a script that uses the AWS Command Line Interface to deploy the VPC. Clone the existing authorized VPC for each new project. Use AWS Elastic Beanstalk to deploy both the VPC and the application.

A team is launching a marketing campaign and the peak database read activity in Amazon Aurora for MySQL is expected to increase. A Solutions Architect decides to add two Read Replicas to the cluster. How should the Solutions Architect ensure that the connections for read activities are load balanced?. Reader endpoint for Amazon Aurora. Cluster endpoint for Amazon Aurora. Primary DB instance endpoint for Amazon Aurora. Replica DB instances endpoint for Aurora.

A Solutions Architect is designing a new social media application. The application must provide a secure method for uploading profile photos. Each user should be able to upload a profile photo into a shared storage location for one week after their profile is created. Which approach will meet all of these requirements?. Use Amazon Kinesis with AWS CloudTrail for auditing the specific times when profile photos are uploaded. Use Amazon EBS volumes with IAM policies restricting user access to specific time periods. Use Amazon S3 with the default private access policy and generate presigned URLs each time a new site profile is created. Use Amazon CloudFront with AWS CloudTrail for auditing the specific times when profile photos are uploaded.

An application running on Amazon EC2 has been experiencing performance issues when accessing an Amazon RDS for Oracle database. The database has been provisioned correctly for average workloads, but there are several usage spikes each day that have saturated the database, causing the application to time out. The application is write-heavy, updating information more often than reading information. A Solutions Architect has been asked to review the application design. What should the Solutions Architect recommend to improve performance?. Put an Amazon ElastiCache cluster in front of the database and use lazy loading to limit database access during peak periods. Put an Amazon Elasticsearch domain in front of the database and use a write-through cache to reduce database access during peak periods. Configure an Amazon RDS Auto Scaling group to automatically scale the RDS instance during load spikes. Change the Amazon RDS instance storage type from General Purpose SSD to Provisioned IOPS SSD.

A retail company has sensors placed in its physical retail stores. The sensors send messages over HTTP when customers interact with in-store product displays. A Solutions Architect needs to implement a system for processing those sensor messages. The results must be available for the Data Analysis team. Which architecture should be used to meet these requirements?. Implement an Amazon API Gateway to serve as the HTTP endpoint. Have the API Gateway trigger an AWS Lambda function to process the messages, and save the results to an Amazon DynamoDB table. Create an Amazon EC2 instance to serve as the HTTP endpoint and to process the messages. Save the results to Amazon S3 for the Data Analysis team to download. Use Amazon Route 53 to direct incoming sensor messages to a Lambda function to process the message and save the results to an Amazon DynamoDB table. Use AWS Direct Connect to connect sensors to DynamoDB so that data can be written directly to a DynamoDB table where it can be accessed by the Data Analysis team.

An application is running on an Amazon EC2 instance in a private subnet. The application needs to read and write data onto Amazon Kinesis Data Streams, and corporate policy requires that this traffic should not go to the internet. How can these requirements be met?. Configure a NAT gateway in a public subnet and route all traffic to Amazon Kinesis through the NAT gateway. Configure a gateway VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint. Configure an interface VPC endpoint for Kinesis and route all traffic to Kinesis through the interface VPC endpoint. Configure an AWS Direct Connect private virtual interface for Kinesis and route all traffic to Kinesis through the virtual interface.

A company uses Amazon S3 for storing a variety of files. A Solutions Architect needs to design a feature that will allow users to instantly restore any deleted files within 30 days of deletion. Which is the MOST cost-efficient solution?. Create lifecycle policies that move the objects to Amazon Glacier and delete them after 30 days. Enable cross-region replication. Empty the replica bucket every 30 days using an AWS Lambda function. Enable versioning and create a lifecycle policy to remove expired versions after 30 days. Enable versioning and MFA Delete. Using a Lambda function, remove MFA delete from objects more than 30 days old.

A company's website receives 50,000 requests each second, and the company wants to use multiple applications to analyze the navigation patterns of the users on their website so that the experience can be personalized. What can a Solutions Architect use to collect page clicks for the website and process them sequentially for each user?. Amazon Kinesis Stream. Amazon SQS standard queue. Amazon SQS FIFO queue. AWS CloudTrail trail.

A web application is running on Amazon EC2 instances behind an Elastic Load Balancing Application Load Balancer (ALB). The EC2 instances should receive no traffic, except for web requests to the application. Based on these requirements, what security group rules should be put on the Amazon EC2 instances?. An inbound rule allowing traffic from the security group attached to the ALB. An inbound rule allowing traffic from the network ACLs attached to the ALB. An outbound rule allowing traffic to the security group attached to the ALB. An outbound rule blocking all traffic to the internet.

A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Every night the Auto Scaling group doubles in size. Traffic analysis shows that users in a particular region are requesting the same static content stored locally on the EC2 instances. How can a Solutions Architect reduce the need to scale and improve application performance for the users?. Re-deploy the application in a new VPC that is closer to the users making the requests. Create an Amazon CloudFront distribution for the site and redirect user traffic to the distribution. Store the contents on Amazon EFS instead of the EC2 root volume. Implement Amazon Redshift to create a repository of the content closer to the users.

A company has an application that uses Amazon CloudFront for content that is hosted on an Amazon S3 bucket. After an unexpected refresh, the users are still seeing old content. Which step should the Solutions Architect take to ensure that new content is displayed?. Perform a cache refresh on the CloudFront distribution that is serving the content. Perform an invalidation on the CloudFront distribution that is serving the content. Create new cache behavior path with the updated content. Change the TTL value for removing the old objects.

A Solutions Architect must create a solution whereby user access to multiple Amazon Aurora MySQL databases is securely managed with short-lived connection credentials. How can the Solutions Architect meet these requirements?. Create a database user to run the GRANT statement with a short-lived token. Create the user account to use the AWS-provided AWS Authentication Plugin with IAM. Use AWS Systems Manager to securely save the connection secrets, and use the secrets while connecting. Use AWS KMS to securely save the connection secrets, and use the secrets while connecting.

A company is storing data in an Amazon DynamoDB table and needs to take daily backups and retain them for 6 months. How should the Solutions Architect meet these requirements without impacting the production workload?. Use DynamoDB replication and restore the table from the replica. Use AWS Data Pipeline and create a scheduled job to back up the DynamoDB table daily. Use Amazon CloudWatch Events to trigger an AWS Lambda function that makes an on-demand backup of the table. Use AWS Batch to create a scheduled backup with the default template, then back up to Amazon S3 daily.

A company needs to capture all client from its Application Load Balancer every five minutes. This data will be used to analyze traffic patterns and troubleshoot the application. How can a Solutions Architect meet this requirement?. Enable AWS CloudTrail for the Application Load Balancer. Enable Access Logs on the Application Load Balancer. Install CloudWatch Agent on the Application Load Balancer. Enable CloudWatch metrics on the Application Load Balancer.
